00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011 #include <linux/types.h>
00012 #include <linux/version.h>
00013 #include <linux/fs.h>
00014 #include <linux/sched.h>
00015 #include <linux/quotaops.h>
00016 #include <linux/proc_fs.h>
00017 #include <linux/msdos_fs.h>
00018 #include <linux/iso_fs.h>
00019 #include <linux/nfs_fs.h>
00020 #include <linux/ext2_fs.h>
00021 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00022 #include <linux/coda.h>
00023 #include <linux/initrd.h>
00024 #include <linux/security.h>
00025
00026 #include <linux/syscalls.h>
00027 #endif
00028 #include <linux/coda_psdev.h>
00029 #include <linux/ncp_fs.h>
00030 #include <linux/smb.h>
00031 #include <linux/dnotify.h>
00032 #include <linux/mm.h>
00033 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00034 #include <linux/blkdev.h>
00035 #else
00036 #include <linux/blk.h>
00037 #endif
00038 #include <linux/init.h>
00039 #include <linux/config.h>
00040 #include <linux/module.h>
00041 #include <linux/netdevice.h>
00042 #include <linux/inetdevice.h>
00043 #include <asm/uaccess.h>
00044 #include <asm/atomic.h>
00045 #include <rsbac/types.h>
00046 #include <rsbac/aci.h>
00047 #include <rsbac/aci_data_structures.h>
00048 #include <rsbac/error.h>
00049 #include <rsbac/helpers.h>
00050 #include <rsbac/fs.h>
00051 #include <rsbac/getname.h>
00052 #include <rsbac/net_getname.h>
00053 #include <rsbac/adf.h>
00054 #include <rsbac/adf_main.h>
00055 #include <rsbac/reg.h>
00056 #include <rsbac/rkmem.h>
00057 #include <rsbac/gen_lists.h>
00058 #include <linux/string.h>
00059 #include <linux/kdev_t.h>
00060 #include <linux/smp_lock.h>
00061
00062 #ifdef CONFIG_RSBAC_MAC
00063 #include <rsbac/mac.h>
00064 #endif
00065
00066 #ifdef CONFIG_RSBAC_PM
00067 #include <rsbac/pm.h>
00068 #endif
00069
00070 #ifdef CONFIG_RSBAC_DAZ
00071 #include <rsbac/daz.h>
00072 #endif
00073
00074 #if defined(CONFIG_RSBAC_RC)
00075 #include <rsbac/rc.h>
00076 #endif
00077
00078 #if defined(CONFIG_RSBAC_AUTH)
00079 #include <rsbac/auth.h>
00080 #endif
00081
00082 #if defined(CONFIG_RSBAC_ACL)
00083 #include <rsbac/acl.h>
00084 #endif
00085
00086 #if defined(CONFIG_RSBAC_PAX) && (defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR))
00087 #include <rsbac/pax.h>
00088 #endif
00089
00090 #ifdef CONFIG_RSBAC_UM
00091 #include <rsbac/um.h>
00092 #endif
00093
00094 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
00095 #include <linux/unistd.h>
00096 #include <linux/timer.h>
00097 static u_int auto_interval = CONFIG_RSBAC_AUTO_WRITE * HZ;
00098 #endif
00099
00100 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
00101 || defined(CONFIG_RSBAC_INIT_THREAD)
00102 static DECLARE_WAIT_QUEUE_HEAD(rsbacd_wait);
00103 static struct timer_list rsbac_timer;
00104 #endif
00105
00106 #if defined(CONFIG_RSBAC_NET_OBJ)
00107 #include <rsbac/network.h>
00108 #endif
00109
00110
00111
00112
00113
00114
00115
00116
00117
00118 static rsbac_boolean_t rsbac_initialized = FALSE;
00119
00120 static char compiled_modules[80];
00121
00122 kdev_t rsbac_root_dev;
00123 #if defined(CONFIG_RSBAC_REG)
00124 EXPORT_SYMBOL(rsbac_root_dev);
00125 #endif
00126 DECLARE_MUTEX(rsbac_write_sem);
00127
00128 static struct rsbac_device_list_head_t device_list_head;
00129 static struct rsbac_dev_handles_t dev_handles;
00130 static struct rsbac_dev_handles_t dev_major_handles;
00131 static struct rsbac_ipc_handles_t ipc_handles;
00132 static struct rsbac_user_handles_t user_handles;
00133 #ifdef CONFIG_RSBAC_RC_UM_PROT
00134 static struct rsbac_group_handles_t group_handles;
00135 #endif
00136 static struct rsbac_process_handles_t process_handles;
00137
00138 #ifdef CONFIG_RSBAC_NET_DEV
00139 static struct rsbac_netdev_handles_t netdev_handles;
00140 #endif
00141 #ifdef CONFIG_RSBAC_NET_OBJ
00142 static rsbac_list_handle_t net_temp_handle;
00143 static struct rsbac_nettemp_handles_t nettemp_handles;
00144 static struct rsbac_lnetobj_handles_t lnetobj_handles;
00145 static struct rsbac_rnetobj_handles_t rnetobj_handles;
00146 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
00147 static struct rsbac_gen_netobj_aci_t def_gen_netobj_aci = DEFAULT_GEN_NETOBJ_ACI;
00148 #endif
00149 #endif
00150
00151
00152
00153
00154 static struct rsbac_gen_fd_aci_t def_gen_root_dir_aci = DEFAULT_GEN_ROOT_DIR_ACI;
00155 static struct rsbac_gen_fd_aci_t def_gen_fd_aci = DEFAULT_GEN_FD_ACI;
00156
00157 #if defined(CONFIG_RSBAC_MAC)
00158 static struct rsbac_mac_fd_aci_t def_mac_root_dir_aci = DEFAULT_MAC_ROOT_DIR_ACI;
00159 static struct rsbac_mac_fd_aci_t def_mac_fd_aci = DEFAULT_MAC_FD_ACI;
00160 #endif
00161 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00162 static rsbac_time_t rsbac_daz_ttl = CONFIG_RSBAC_DAZ_TTL;
00163 #endif
00164 #if defined(CONFIG_RSBAC_PM)
00165 static struct rsbac_pm_fd_aci_t def_pm_fd_aci = DEFAULT_PM_FD_ACI;
00166 #endif
00167 #if defined(CONFIG_RSBAC_RC)
00168 static struct rsbac_rc_fd_aci_t def_rc_root_dir_aci = DEFAULT_RC_ROOT_DIR_ACI;
00169 static struct rsbac_rc_fd_aci_t def_rc_fd_aci = DEFAULT_RC_FD_ACI;
00170 #endif
00171 #if defined(CONFIG_RSBAC_RES)
00172 static struct rsbac_res_fd_aci_t def_res_fd_aci = DEFAULT_RES_FD_ACI;
00173 #endif
00174
00175 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
00176 #include <rsbac/proc_fs.h>
00177
00178 #ifdef CONFIG_RSBAC_XSTATS
00179 static u_long get_attr_count[T_NONE] = {0,0,0,0,0,0,0};
00180 static u_long set_attr_count[T_NONE] = {0,0,0,0,0,0,0};
00181 static u_long remove_count[T_NONE] = {0,0,0,0,0,0,0};
00182 #endif
00183
00184 #if defined(CONFIG_RSBAC_REG)
00185 EXPORT_SYMBOL(proc_rsbac_root_p);
00186 #endif
00187 struct proc_dir_entry * proc_rsbac_root_p = NULL;
00188
00189 #if defined(CONFIG_RSBAC_REG)
00190 EXPORT_SYMBOL(proc_rsbac_backup_p);
00191 #endif
00192 struct proc_dir_entry * proc_rsbac_backup_p = NULL;
00193
00194 #endif
00195
00196 #ifdef CONFIG_DEVFS_MOUNT
00197 #include <linux/devfs_fs_kernel.h>
00198 static struct dentry * devfs_covered_p = NULL;
00199 static struct super_block * devfs_sb_p = NULL;
00200 #endif
00201
00202 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00203 static struct dentry * sysfs_covered_p = NULL;
00204 static struct super_block * sysfs_sb_p = NULL;
00205 #endif
00206
00207 #ifdef CONFIG_RSBAC_MAC
00208 static struct rsbac_mac_process_aci_t mac_init_p_aci = DEFAULT_MAC_P_INIT_ACI;
00209 #endif
00210 #ifdef CONFIG_RSBAC_RC
00211 static struct rsbac_rc_process_aci_t rc_kernel_p_aci = DEFAULT_RC_P_KERNEL_ACI;
00212 #endif
00213
00214
00215
00216
00217
00218 static struct rsbac_device_list_item_t * lookup_device(kdev_t);
00219
00220
00221
00222
00223
00224 static inline int gen_fd_hash(u_long inode)
00225 {
00226 return(inode % RSBAC_GEN_NR_FD_LISTS);
00227 }
00228 static inline int gen_p_hash(rsbac_pid_t pid)
00229 {
00230 return(pid % CONFIG_RSBAC_GEN_NR_P_LISTS);
00231 }
00232 #if defined(CONFIG_RSBAC_MAC)
00233 static inline int mac_fd_hash(u_long inode)
00234 {
00235 return(inode % RSBAC_MAC_NR_FD_LISTS);
00236 }
00237 static inline int mac_p_hash(rsbac_pid_t pid)
00238 {
00239 return(pid % CONFIG_RSBAC_MAC_NR_P_LISTS);
00240 }
00241 #endif
00242 #if defined(CONFIG_RSBAC_PM)
00243 static inline int pm_fd_hash(u_long inode)
00244 {
00245 return(inode % RSBAC_PM_NR_FD_LISTS);
00246 }
00247 #endif
00248 #if defined(CONFIG_RSBAC_DAZ)
00249 static inline int daz_fd_hash(u_long inode)
00250 {
00251 return(inode % RSBAC_DAZ_NR_FD_LISTS);
00252 }
00253 #if defined(CONFIG_RSBAC_DAZ_CACHE)
00254 static inline int daz_scanned_fd_hash(u_long inode)
00255 {
00256 return(inode % RSBAC_DAZ_SCANNED_NR_FD_LISTS);
00257 }
00258 #endif
00259 #endif
00260 #if defined(CONFIG_RSBAC_FF)
00261 static inline int ff_fd_hash(u_long inode)
00262 {
00263 return(inode % RSBAC_FF_NR_FD_LISTS);
00264 }
00265 #endif
00266 #if defined(CONFIG_RSBAC_RC)
00267 static inline int rc_fd_hash(u_long inode)
00268 {
00269 return(inode % RSBAC_RC_NR_FD_LISTS);
00270 }
00271 static inline int rc_p_hash(rsbac_pid_t pid)
00272 {
00273 return(pid % CONFIG_RSBAC_RC_NR_P_LISTS);
00274 }
00275 #endif
00276 #if defined(CONFIG_RSBAC_AUTH)
00277 static inline int auth_fd_hash(u_long inode)
00278 {
00279 return(inode % RSBAC_AUTH_NR_FD_LISTS);
00280 }
00281 #endif
00282 #if defined(CONFIG_RSBAC_CAP)
00283 static inline int cap_fd_hash(u_long inode)
00284 {
00285 return(inode % RSBAC_CAP_NR_FD_LISTS);
00286 }
00287 #endif
00288 #if defined(CONFIG_RSBAC_JAIL)
00289 static inline int jail_p_hash(rsbac_pid_t pid)
00290 {
00291 return(pid % CONFIG_RSBAC_JAIL_NR_P_LISTS);
00292 }
00293 #endif
00294 #if defined(CONFIG_RSBAC_PAX)
00295 static inline int pax_fd_hash(u_long inode)
00296 {
00297 return(inode % RSBAC_PAX_NR_FD_LISTS);
00298 }
00299 #endif
00300 #if defined(CONFIG_RSBAC_RES)
00301 static inline int res_fd_hash(u_long inode)
00302 {
00303 return(inode % RSBAC_RES_NR_FD_LISTS);
00304 }
00305 #endif
00306
00307
00308
00309
00310
00311
00312
00313
00314
00315
00316 rsbac_boolean_t writable(struct super_block * sb_p)
00317 {
00318 #ifdef CONFIG_RSBAC_NO_WRITE
00319 return(FALSE);
00320 #else
00321 if (!sb_p || !sb_p->s_dev)
00322 return(FALSE);
00323 if (
00324 rsbac_debug_no_write ||
00325 (sb_p->s_flags & MS_RDONLY)
00326 || in_interrupt())
00327 return(FALSE);
00328 if ( !MAJOR(sb_p->s_dev)
00329 #ifndef CONFIG_RSBAC_MSDOS_WRITE
00330 || (sb_p->s_magic == MSDOS_SUPER_MAGIC)
00331 #endif
00332 || (sb_p->s_magic == SOCKFS_MAGIC)
00333 || (sb_p->s_magic == PIPEFS_MAGIC)
00334 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00335 || (sb_p->s_magic == SYSFS_MAGIC)
00336 #endif
00337 || (sb_p->s_magic == NFS_SUPER_MAGIC)
00338 || (sb_p->s_magic == CODA_SUPER_MAGIC)
00339 || (sb_p->s_magic == NCP_SUPER_MAGIC)
00340 || (sb_p->s_magic == SMB_SUPER_MAGIC)
00341 || (sb_p->s_magic == ISOFS_SUPER_MAGIC))
00342 return(FALSE);
00343 else
00344 return(TRUE);
00345 #endif
00346 }
00347
00348
00349
00350
00351
00352
00353 static int lookup_aci_path_dentry(struct super_block * sb_p,
00354 struct dentry ** dir_dentry_pp,
00355 rsbac_boolean_t create_dir,
00356 kdev_t kdev)
00357 {
00358 struct dentry * dir_dentry_p = NULL;
00359 struct dentry * root_dentry_p = NULL;
00360 int err=0;
00361 struct rsbac_device_list_item_t * device_p;
00362 u_long dflags;
00363
00364 if(!dir_dentry_pp)
00365 return(-RSBAC_EINVALIDPOINTER);
00366
00367 if(!sb_p)
00368 {
00369 sb_p = rsbac_get_super_block(kdev);
00370 if (!sb_p)
00371 {
00372 rsbac_printk(KERN_WARNING
00373 "lookup_aci_path_dentry(): invalid device %02u:%02u\n",
00374 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
00375 return (-RSBAC_EINVALIDDEV);
00376 }
00377 }
00378
00379
00380 if( (sb_p->s_magic == PIPEFS_MAGIC)
00381 || (sb_p->s_magic == SOCKFS_MAGIC)
00382 )
00383 {
00384 return -RSBAC_ENOTFOUND;
00385 }
00386
00387 rsbac_read_lock(&device_list_head.lock, &dflags);
00388 device_p = lookup_device(kdev);
00389 if(!device_p)
00390 {
00391 rsbac_printk(KERN_WARNING
00392 "lookup_aci_path_dentry(): No entry for device %02u:%02u\n",
00393 MAJOR(kdev), MINOR(kdev));
00394 rsbac_read_unlock(&device_list_head.lock, &dflags);
00395 return(-RSBAC_EINVALIDDEV);
00396 }
00397
00398 if(device_p->rsbac_dir_dentry_p)
00399 {
00400 *dir_dentry_pp = device_p->rsbac_dir_dentry_p;
00401 #ifdef CONFIG_RSBAC_DEBUG
00402 if(rsbac_debug_ds)
00403 {
00404 rsbac_printk(KERN_DEBUG
00405 "lookup_aci_path_dentry(): device_p->rsbac_dir_dentry_p->d_count for device %02u:%02u is %i!\n",
00406 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00407 atomic_read(&device_p->rsbac_dir_dentry_p->d_count));
00408 }
00409 #endif
00410 rsbac_read_unlock(&device_list_head.lock, &dflags);
00411 return(0);
00412 }
00413
00414 rsbac_read_unlock(&device_list_head.lock, &dflags);
00415
00416 #ifdef CONFIG_RSBAC_DEBUG
00417 if(rsbac_debug_ds)
00418 {
00419 rsbac_printk(KERN_DEBUG
00420 "lookup_aci_path_dentry(): first time lookup for or non-existing %s on device %02u:%02u!\n",
00421 RSBAC_ACI_PATH,
00422 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00423 }
00424 #endif
00425 if (!sb_p->s_root)
00426 {
00427 rsbac_printk(KERN_WARNING
00428 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry!\n",
00429 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00430 err = -RSBAC_EINVALIDDEV;
00431 goto out;
00432 }
00433
00434 if (!sb_p->s_root->d_inode)
00435 {
00436 rsbac_printk(KERN_WARNING
00437 "lookup_aci_path_dentry(): Super_block for device %02u:%02u has no root dentry->d_inode!\n",
00438 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
00439 err = -RSBAC_EINVALIDDEV;
00440 goto out;
00441 }
00442
00443
00444 #ifdef CONFIG_RSBAC_DEBUG
00445 if(rsbac_debug_ds)
00446 {
00447 rsbac_printk(KERN_DEBUG
00448 "lookup_aci_path_dentry(): lookup rsbac path %s for device %02u:%02u, sb_p->s_root->d_count is %i!\n",
00449 RSBAC_ACI_PATH, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
00450 atomic_read(&sb_p->s_root->d_count));
00451 }
00452 #endif
00453 dir_dentry_p = rsbac_lookup_one_len(RSBAC_ACI_PATH, sb_p->s_root, strlen(RSBAC_ACI_PATH));
00454 if(IS_ERR(dir_dentry_p))
00455 switch(PTR_ERR(dir_dentry_p))
00456 {
00457 case -ENOENT:
00458 case -ENOTDIR:
00459 err = -RSBAC_ENOTFOUND;
00460 goto out;
00461 case -ENOMEM:
00462 rsbac_printk(KERN_WARNING
00463 "lookup_aci_path_dentry(): memory allocation error!\n");
00464 err = -RSBAC_ENOROOTDIR;
00465 goto out;
00466 case -ENAMETOOLONG:
00467 rsbac_printk(KERN_WARNING
00468 "lookup_aci_path_dentry(): ACI_PATH too long on fs!\n");
00469 err = -RSBAC_EPATHTOOLONG;
00470 goto out;
00471 case -EACCES:
00472 rsbac_printk(KERN_WARNING
00473 "lookup_aci_path_dentry(): No access to ACI_PATH!\n");
00474 err = -RSBAC_EACCESS;
00475 goto out;
00476 default:
00477 rsbac_printk(KERN_WARNING
00478 "lookup_aci_path_dentry(): Error on root dir: %li!\n",
00479 PTR_ERR(dir_dentry_p));
00480 err = -RSBAC_ENOROOTDIR;
00481 goto out;
00482 }
00483
00484 if (!dir_dentry_p)
00485 {
00486 rsbac_printk(KERN_WARNING
00487 "lookup_aci_path_dentry(): rsbac_lookup_(dentry|one) returned null pointer!\n");
00488 err = -RSBAC_EINVALIDPOINTER;
00489 goto out;
00490 }
00491 if (!dir_dentry_p->d_inode)
00492 {
00493
00494 if (!create_dir)
00495 {
00496 err = -RSBAC_ENOTFOUND;
00497 goto out_dir_dput;
00498 }
00499 #ifdef CONFIG_RSBAC_DEBUG
00500 if(rsbac_debug_ds)
00501 {
00502 rsbac_printk(KERN_DEBUG
00503 "lookup_aci_path_dentry(): try to create dir, first test writable!\n");
00504 }
00505 #endif
00506
00507 if (!writable(sb_p))
00508 {
00509 err = -RSBAC_ENOTWRITABLE;
00510 goto out_dir_dput;
00511 }
00512 root_dentry_p = lock_parent(dir_dentry_p);
00513 err = PTR_ERR(root_dentry_p);
00514 if ( IS_ERR(root_dentry_p))
00515 {
00516 err = -RSBAC_ECOULDNOTCREATEPATH;
00517 goto out_dir_dput;
00518 }
00519 if ( !root_dentry_p->d_inode
00520 || !root_dentry_p->d_inode->i_op
00521 || !root_dentry_p->d_inode->i_op->mkdir)
00522 {
00523 unlock_dir(root_dentry_p);
00524 err = -RSBAC_ECOULDNOTCREATEPATH;
00525 goto out_dir_dput;
00526 }
00527 DQUOT_INIT(root_dentry_p->d_inode);
00528 err = root_dentry_p->d_inode->i_op->mkdir(root_dentry_p->d_inode,
00529 dir_dentry_p,
00530 RSBAC_ACI_DIR_MODE);
00531 unlock_dir(root_dentry_p);
00532 if (err)
00533 {
00534 err = -RSBAC_ECOULDNOTCREATEPATH;
00535 goto out_dir_dput;
00536 }
00537 }
00538 else
00539 {
00540 if(!S_ISDIR(dir_dentry_p->d_inode->i_mode))
00541 {
00542 rsbac_printk(KERN_WARNING
00543 "lookup_aci_path_dentry(): supposed /%s dir on dev %02u:%02u is no dir!\n",
00544 RSBAC_ACI_PATH,
00545 MAJOR(sb_p->s_dev),
00546 MINOR(sb_p->s_dev));
00547 err = -RSBAC_EACCESS;
00548 goto out_dir_dput;
00549 }
00550 }
00551 #ifdef CONFIG_RSBAC_DEBUG
00552 if(rsbac_debug_ds)
00553 {
00554 rsbac_printk(KERN_DEBUG
00555 "lookup_aci_path_dentry(): dir_dentry_p->d_count is %i!\n",
00556 atomic_read(&dir_dentry_p->d_count));
00557 rsbac_printk(KERN_DEBUG
00558 "lookup_aci_path_dentry(): sb_p->s_root->d_count is now %i!\n",
00559 atomic_read(&sb_p->s_root->d_count));
00560 }
00561 #endif
00562
00563
00564 *dir_dentry_pp = dir_dentry_p;
00565
00566
00567 rsbac_read_lock(&device_list_head.lock, &dflags);
00568 device_p = lookup_device(kdev);
00569 if(device_p && !device_p->rsbac_dir_dentry_p)
00570 {
00571 device_p->rsbac_dir_dentry_p = dir_dentry_p;
00572 device_p->rsbac_dir_inode = dir_dentry_p->d_inode->i_ino;
00573 }
00574 rsbac_read_unlock(&device_list_head.lock, &dflags);
00575
00576 out:
00577 return (err);
00578
00579 out_dir_dput:
00580 dput(dir_dentry_p);
00581 goto out;
00582 }
00583
00584
00585
00586
00587
00588
00589
00590
00591
00592
00593 static struct rsbac_device_list_item_t * lookup_device(kdev_t kdev)
00594 {
00595 struct rsbac_device_list_item_t * curr = device_list_head.curr;
00596
00597
00598 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
00599 if(! (curr && (MAJOR(curr->id) == MAJOR(kdev)) && (MINOR(curr->id) == MINOR(kdev)) ) )
00600 #else
00601 if(! (curr && (curr->id == kdev) ) )
00602 #endif
00603 {
00604 curr = device_list_head.head;
00605 while ( curr
00606 && ( (RSBAC_MAJOR(curr->id) != RSBAC_MAJOR(kdev))
00607 || (RSBAC_MINOR(curr->id) != RSBAC_MINOR(kdev))
00608 )
00609 )
00610 {
00611 curr = curr->next;
00612 }
00613 if (curr)
00614 device_list_head.curr=curr;
00615 }
00616
00617 return (curr);
00618 }
00619
00620 static int dev_compare(void * desc1, void * desc2)
00621 {
00622 int result;
00623 struct rsbac_dev_desc_t * i_desc1 = desc1;
00624 struct rsbac_dev_desc_t * i_desc2 = desc2;
00625
00626 result = memcmp(&i_desc1->type,
00627 &i_desc2->type,
00628 sizeof(i_desc1->type));
00629 if(result)
00630 return result;
00631 result = memcmp(&i_desc1->major,
00632 &i_desc2->major,
00633 sizeof(i_desc1->major));
00634 if(result)
00635 return result;
00636 return memcmp(&i_desc1->minor,
00637 &i_desc2->minor,
00638 sizeof(i_desc1->minor));
00639 }
00640
00641 static int dev_major_compare(void * desc1, void * desc2)
00642 {
00643 int result;
00644 struct rsbac_dev_desc_t * i_desc1 = desc1;
00645 struct rsbac_dev_desc_t * i_desc2 = desc2;
00646
00647 result = memcmp(&i_desc1->type,
00648 &i_desc2->type,
00649 sizeof(i_desc1->type));
00650 if(result)
00651 return result;
00652 return memcmp(&i_desc1->major,
00653 &i_desc2->major,
00654 sizeof(i_desc1->major));
00655 }
00656
00657 static int ipc_compare(void * desc1, void * desc2)
00658 {
00659 int result;
00660 struct rsbac_ipc_t * i_desc1 = desc1;
00661 struct rsbac_ipc_t * i_desc2 = desc2;
00662
00663 result = memcmp(&i_desc1->type,
00664 &i_desc2->type,
00665 sizeof(i_desc1->type));
00666 if(result)
00667 return result;
00668 else
00669 return memcmp(&i_desc1->id.id_nr,
00670 &i_desc2->id.id_nr,
00671 sizeof(i_desc1->id.id_nr));
00672 }
00673
00674 #ifdef CONFIG_RSBAC_NET_DEV
00675 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
00676 static int netdev_compare(void * desc1, void * desc2)
00677 {
00678 return strncmp(desc1,
00679 desc2,
00680 RSBAC_IFNAMSIZ);
00681 }
00682 #endif
00683 #endif
00684
00685
00686
00687
00688 static int gen_fd_conv(
00689 void * old_desc,
00690 void * old_data,
00691 void * new_desc,
00692 void * new_data)
00693 {
00694 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00695 struct rsbac_gen_fd_old_aci_t * old_aci = old_data;
00696
00697 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00698 new_aci->log_array_low = old_aci->log_array_low;
00699 new_aci->log_array_high = old_aci->log_array_high;
00700 new_aci->log_program_based = old_aci->log_program_based;
00701 new_aci->symlink_add_remote_ip = 0;
00702 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00703 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00704 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00705 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00706 new_aci->fake_root_uid = old_aci->fake_root_uid;
00707 new_aci->auid_exempt = old_aci->auid_exempt;
00708 return 0;
00709 }
00710
00711 static int gen_fd_old_conv(
00712 void * old_desc,
00713 void * old_data,
00714 void * new_desc,
00715 void * new_data)
00716 {
00717 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00718 struct rsbac_gen_fd_old_aci_t * old_aci = old_data;
00719
00720 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00721 new_aci->log_array_low = old_aci->log_array_low;
00722 new_aci->log_array_high = old_aci->log_array_high;
00723 new_aci->log_program_based = old_aci->log_program_based;
00724 new_aci->symlink_add_remote_ip = 0;
00725 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00726 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00727 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00728 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00729 new_aci->fake_root_uid = old_aci->fake_root_uid;
00730 new_aci->auid_exempt = RSBAC_NO_USER;
00731 return 0;
00732 }
00733
00734 static int gen_fd_old_old_conv(
00735 void * old_desc,
00736 void * old_data,
00737 void * new_desc,
00738 void * new_data)
00739 {
00740 struct rsbac_gen_fd_aci_t * new_aci = new_data;
00741 struct rsbac_gen_fd_old_old_aci_t * old_aci = old_data;
00742
00743 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00744 new_aci->log_array_low = old_aci->log_array_low;
00745 new_aci->log_array_high = old_aci->log_array_high;
00746 new_aci->log_program_based = old_aci->log_program_based;
00747 new_aci->symlink_add_remote_ip = 0;
00748 new_aci->symlink_add_uid = old_aci->symlink_add_uid;
00749 new_aci->symlink_add_mac_level = old_aci->symlink_add_mac_level;
00750 new_aci->symlink_add_rc_role = old_aci->symlink_add_rc_role;
00751 new_aci->linux_dac_disable = old_aci->linux_dac_disable;
00752 new_aci->fake_root_uid = FR_off;
00753 new_aci->auid_exempt = RSBAC_NO_USER;
00754 return 0;
00755 }
00756
00757 rsbac_list_conv_function_t * gen_fd_get_conv(rsbac_version_t old_version)
00758 {
00759 switch(old_version)
00760 {
00761 case RSBAC_GEN_FD_OLD_ACI_VERSION:
00762 return gen_fd_conv;
00763 case RSBAC_GEN_FD_OLD_OLD_ACI_VERSION:
00764 return gen_fd_old_conv;
00765 case RSBAC_GEN_FD_OLD_OLD_OLD_ACI_VERSION:
00766 return gen_fd_old_old_conv;
00767 default:
00768 return NULL;
00769 }
00770 }
00771
00772 static int gen_dev_conv(
00773 void * old_desc,
00774 void * old_data,
00775 void * new_desc,
00776 void * new_data)
00777 {
00778 struct rsbac_dev_desc_t * new = new_desc;
00779 struct rsbac_dev_t * old = old_desc;
00780
00781 memcpy(new_data, old_data, sizeof(struct rsbac_gen_dev_aci_t));
00782 new->type = old->type;
00783 new->major = RSBAC_MAJOR(old->id);
00784 new->minor = RSBAC_MINOR(old->id);
00785 return 0;
00786 }
00787
00788 rsbac_list_conv_function_t * gen_dev_get_conv(rsbac_version_t old_version)
00789 {
00790 switch(old_version)
00791 {
00792 case RSBAC_GEN_DEV_OLD_ACI_VERSION:
00793 return gen_dev_conv;
00794 default:
00795 return NULL;
00796 }
00797 }
00798
00799 #ifdef CONFIG_RSBAC_MAC
00800 static int mac_old_fd_conv(
00801 void * old_desc,
00802 void * old_data,
00803 void * new_desc,
00804 void * new_data)
00805 {
00806 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00807 struct rsbac_mac_fd_old_aci_t * old_aci = old_data;
00808
00809 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00810 new_aci->sec_level = old_aci->sec_level;
00811 new_aci->mac_categories = old_aci->mac_categories;
00812 new_aci->mac_auto = old_aci->mac_auto;
00813 new_aci->mac_prop_trusted = old_aci->mac_prop_trusted;
00814 new_aci->mac_file_flags = old_aci->mac_file_flags;
00815 return 0;
00816 }
00817
00818 static int mac_old_old_fd_conv(
00819 void * old_desc,
00820 void * old_data,
00821 void * new_desc,
00822 void * new_data)
00823 {
00824 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00825 struct rsbac_mac_fd_old_old_aci_t * old_aci = old_data;
00826
00827 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00828 new_aci->sec_level = old_aci->sec_level;
00829 new_aci->mac_categories = old_aci->mac_categories;
00830 new_aci->mac_auto = old_aci->mac_auto;
00831 new_aci->mac_prop_trusted = FALSE;
00832 if(old_aci->mac_shared)
00833 new_aci->mac_file_flags = MAC_write_up;
00834 else
00835 new_aci->mac_file_flags = 0;
00836 return 0;
00837 }
00838
00839 static int mac_old_old_old_fd_conv(
00840 void * old_desc,
00841 void * old_data,
00842 void * new_desc,
00843 void * new_data)
00844 {
00845 struct rsbac_mac_fd_aci_t * new_aci = new_data;
00846 struct rsbac_mac_fd_old_old_old_aci_t * old_aci = old_data;
00847
00848 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
00849 new_aci->sec_level = old_aci->sec_level;
00850 new_aci->mac_categories = old_aci->mac_categories;
00851 new_aci->mac_auto = old_aci->mac_auto;
00852 new_aci->mac_prop_trusted = FALSE;
00853 new_aci->mac_file_flags = 0;
00854 return 0;
00855 }
00856
00857 rsbac_list_conv_function_t * mac_fd_get_conv(rsbac_version_t old_version)
00858 {
00859 switch(old_version)
00860 {
00861 case RSBAC_MAC_FD_OLD_ACI_VERSION:
00862 return mac_old_fd_conv;
00863 case RSBAC_MAC_FD_OLD_OLD_ACI_VERSION:
00864 return mac_old_old_fd_conv;
00865 case RSBAC_MAC_FD_OLD_OLD_OLD_ACI_VERSION:
00866 return mac_old_old_old_fd_conv;
00867 default:
00868 return NULL;
00869 }
00870 }
00871
00872 static int mac_dev_conv(
00873 void * old_desc,
00874 void * old_data,
00875 void * new_desc,
00876 void * new_data)
00877 {
00878 struct rsbac_dev_desc_t * new = new_desc;
00879 struct rsbac_dev_t * old = old_desc;
00880
00881 memcpy(new_data, old_data, sizeof(struct rsbac_mac_dev_aci_t));
00882 new->type = old->type;
00883 new->major = RSBAC_MAJOR(old->id);
00884 new->minor = RSBAC_MINOR(old->id);
00885 return 0;
00886 }
00887
00888 rsbac_list_conv_function_t * mac_dev_get_conv(rsbac_version_t old_version)
00889 {
00890 switch(old_version)
00891 {
00892 case RSBAC_MAC_DEV_OLD_ACI_VERSION:
00893 return mac_dev_conv;
00894 default:
00895 return NULL;
00896 }
00897 }
00898
00899 static int mac_old_user_conv(
00900 void * old_desc,
00901 void * old_data,
00902 void * new_desc,
00903 void * new_data)
00904 {
00905 struct rsbac_mac_user_aci_t * new_aci = new_data;
00906 struct rsbac_mac_user_old_aci_t * old_aci = old_data;
00907
00908 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00909 new_aci->security_level = old_aci->access_appr;
00910 new_aci->initial_security_level = old_aci->access_appr;
00911 new_aci->min_security_level = old_aci->min_access_appr;
00912 new_aci->mac_categories = old_aci->mac_categories;
00913 new_aci->mac_initial_categories = old_aci->mac_categories;
00914 new_aci->mac_min_categories = old_aci->mac_min_categories;
00915 new_aci->system_role = old_aci->system_role;
00916 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00917 if(old_aci->mac_allow_auto)
00918 new_aci->mac_user_flags |= MAC_allow_auto;
00919 return 0;
00920 }
00921
00922 static int mac_old_old_user_conv(
00923 void * old_desc,
00924 void * old_data,
00925 void * new_desc,
00926 void * new_data)
00927 {
00928 struct rsbac_mac_user_aci_t * new_aci = new_data;
00929 struct rsbac_mac_user_old_old_aci_t * old_aci = old_data;
00930
00931 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00932 new_aci->security_level = old_aci->access_appr;
00933 new_aci->initial_security_level = old_aci->access_appr;
00934 new_aci->min_security_level = old_aci->min_access_appr;
00935 new_aci->mac_categories = old_aci->mac_categories;
00936 new_aci->mac_initial_categories = old_aci->mac_categories;
00937 new_aci->mac_min_categories = old_aci->mac_min_categories;
00938 new_aci->system_role = old_aci->system_role;
00939 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00940 return 0;
00941 }
00942
00943 static int mac_old_old_old_user_conv(
00944 void * old_desc,
00945 void * old_data,
00946 void * new_desc,
00947 void * new_data)
00948 {
00949 struct rsbac_mac_user_aci_t * new_aci = new_data;
00950 struct rsbac_mac_user_old_old_old_aci_t * old_aci = old_data;
00951
00952 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
00953 new_aci->security_level = old_aci->access_appr;
00954 new_aci->initial_security_level = old_aci->access_appr;
00955 new_aci->min_security_level = SL_unclassified;
00956 new_aci->mac_categories = old_aci->mac_categories;
00957 new_aci->mac_initial_categories = old_aci->mac_categories;
00958 new_aci->mac_min_categories = RSBAC_MAC_MIN_CAT_VECTOR;
00959 new_aci->system_role = old_aci->system_role;
00960 new_aci->mac_user_flags = RSBAC_MAC_DEF_U_FLAGS;
00961 return 0;
00962 }
00963
00964 rsbac_list_conv_function_t * mac_user_get_conv(rsbac_version_t old_version)
00965 {
00966 switch(old_version)
00967 {
00968 case RSBAC_MAC_USER_OLD_ACI_VERSION:
00969 return mac_old_user_conv;
00970 case RSBAC_MAC_USER_OLD_OLD_ACI_VERSION:
00971 return mac_old_old_user_conv;
00972 case RSBAC_MAC_USER_OLD_OLD_OLD_ACI_VERSION:
00973 return mac_old_old_old_user_conv;
00974 default:
00975 return NULL;
00976 }
00977 }
00978 #endif
00979
00980 #ifdef CONFIG_RSBAC_PM
00981 static int pm_dev_conv(
00982 void * old_desc,
00983 void * old_data,
00984 void * new_desc,
00985 void * new_data)
00986 {
00987 struct rsbac_dev_desc_t * new = new_desc;
00988 struct rsbac_dev_t * old = old_desc;
00989
00990 memcpy(new_data, old_data, sizeof(struct rsbac_pm_dev_aci_t));
00991 new->type = old->type;
00992 new->major = RSBAC_MAJOR(old->id);
00993 new->minor = RSBAC_MINOR(old->id);
00994 return 0;
00995 }
00996
00997 rsbac_list_conv_function_t * pm_dev_get_conv(rsbac_version_t old_version)
00998 {
00999 switch(old_version)
01000 {
01001 case RSBAC_PM_DEV_OLD_ACI_VERSION:
01002 return pm_dev_conv;
01003 default:
01004 return NULL;
01005 }
01006 }
01007 #endif
01008
01009 #ifdef CONFIG_RSBAC_RC
01010 static int rc_dev_conv(
01011 void * old_desc,
01012 void * old_data,
01013 void * new_desc,
01014 void * new_data)
01015 {
01016 struct rsbac_dev_desc_t * new = new_desc;
01017 struct rsbac_dev_t * old = old_desc;
01018
01019 memcpy(new_data, old_data, sizeof(rsbac_rc_type_id_t));
01020 new->type = old->type;
01021 new->major = RSBAC_MAJOR(old->id);
01022 new->minor = RSBAC_MINOR(old->id);
01023 return 0;
01024 }
01025
01026 rsbac_list_conv_function_t * rc_dev_get_conv(rsbac_version_t old_version)
01027 {
01028 switch(old_version)
01029 {
01030 case RSBAC_RC_DEV_OLD_ACI_VERSION:
01031 return rc_dev_conv;
01032 default:
01033 return NULL;
01034 }
01035 }
01036
01037 static int rc_user_conv(
01038 void * old_desc,
01039 void * old_data,
01040 void * new_desc,
01041 void * new_data)
01042 {
01043 struct rsbac_rc_user_aci_t * new_aci = new_data;
01044 rsbac_rc_role_id_t * old_aci = old_data;
01045
01046 memcpy(new_desc, old_desc, sizeof(rsbac_uid_t));
01047 new_aci->rc_role = *old_aci;
01048 new_aci->rc_type = RSBAC_RC_GENERAL_TYPE;
01049 return 0;
01050 }
01051
01052 rsbac_list_conv_function_t * rc_user_get_conv(rsbac_version_t old_version)
01053 {
01054 switch(old_version)
01055 {
01056 case RSBAC_RC_USER_OLD_ACI_VERSION:
01057 return rc_user_conv;
01058 default:
01059 return NULL;
01060 }
01061 }
01062 #endif
01063
01064 #ifdef CONFIG_RSBAC_AUTH
01065 static int auth_old_fd_conv(
01066 void * old_desc,
01067 void * old_data,
01068 void * new_desc,
01069 void * new_data)
01070 {
01071 struct rsbac_auth_fd_aci_t * new_aci = new_data;
01072 struct rsbac_auth_fd_old_aci_t * old_aci = old_data;
01073
01074 memcpy(new_desc, old_desc, sizeof(rsbac_inode_nr_t));
01075 new_aci->auth_may_setuid = old_aci->auth_may_setuid;
01076 new_aci->auth_may_set_cap = old_aci->auth_may_set_cap;
01077 new_aci->auth_learn = FALSE;
01078 return 0;
01079 }
01080
01081 rsbac_list_conv_function_t * auth_fd_get_conv(rsbac_version_t old_version)
01082 {
01083 switch(old_version)
01084 {
01085 case RSBAC_AUTH_FD_OLD_ACI_VERSION:
01086 return auth_old_fd_conv;
01087 default:
01088 return NULL;
01089 }
01090 }
01091
01092 #endif
01093
01094
01095
01096
01097
01098
01099
01100
01101
01102
01103
01104
01105 static int register_fd_lists(struct rsbac_device_list_item_t * device_p,
01106 kdev_t kdev)
01107 {
01108 char * name;
01109 int err = 0;
01110 int tmperr;
01111 u_int file_no;
01112 struct rsbac_list_info_t * info_p;
01113 if(!device_p)
01114 return(-RSBAC_EINVALIDPOINTER);
01115 name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01116 if(!name)
01117 return -RSBAC_ENOMEM;
01118 info_p = rsbac_kmalloc(sizeof(*info_p));
01119 if(!info_p)
01120 {
01121 rsbac_kfree(name);
01122 return -RSBAC_ENOMEM;
01123 }
01124
01125
01126 {
01127 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01128 {
01129
01130 sprintf(name, "%s%u", RSBAC_GEN_FD_NAME, file_no);
01131 info_p->version = RSBAC_GEN_FD_ACI_VERSION;
01132 info_p->key = RSBAC_GEN_FD_ACI_KEY;
01133 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01134 info_p->data_size = sizeof(struct rsbac_gen_fd_aci_t);
01135 info_p->max_age = 0;
01136 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01137 &(device_p->handles.gen[file_no]),
01138 info_p,
01139 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01140 rsbac_list_compare_u32,
01141 gen_fd_get_conv,
01142 &def_gen_fd_aci,
01143 name,
01144 kdev);
01145 if(tmperr)
01146 {
01147 char * tmp;
01148
01149 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01150 if(tmp)
01151 {
01152 rsbac_printk(KERN_WARNING
01153 "register_fd_lists(): registering general list %u for device %02u:%02u failed with error %s!\n",
01154 file_no,
01155 RSBAC_MAJOR(kdev),
01156 RSBAC_MINOR(kdev),
01157 get_error_name(tmp, tmperr));
01158 rsbac_kfree(tmp);
01159 }
01160 err = tmperr;
01161 }
01162 }
01163 }
01164
01165 #if defined(CONFIG_RSBAC_MAC)
01166 {
01167
01168 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01169 {
01170
01171 sprintf(name, "%s%u", RSBAC_MAC_FD_NAME, file_no);
01172 info_p->version = RSBAC_MAC_FD_ACI_VERSION;
01173 info_p->key = RSBAC_MAC_FD_ACI_KEY;
01174 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01175 info_p->data_size = sizeof(struct rsbac_mac_fd_aci_t);
01176 info_p->max_age = 0;
01177 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01178 &(device_p->handles.mac[file_no]),
01179 info_p,
01180 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01181 rsbac_list_compare_u32,
01182 mac_fd_get_conv,
01183 &def_mac_fd_aci,
01184 name,
01185 kdev);
01186 if(tmperr)
01187 {
01188 char * tmp;
01189
01190 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01191 if(tmp)
01192 {
01193 rsbac_printk(KERN_WARNING
01194 "register_fd_lists(): registering MAC list %u for device %02u:%02u failed with error %s!\n",
01195 file_no,
01196 RSBAC_MAJOR(kdev),
01197 RSBAC_MINOR(kdev),
01198 get_error_name(tmp, tmperr));
01199 rsbac_kfree(tmp);
01200 }
01201 err = tmperr;
01202 }
01203 }
01204 }
01205 #endif
01206
01207 #if defined(CONFIG_RSBAC_PM)
01208 {
01209
01210 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01211 {
01212
01213 sprintf(name, "%s%u", RSBAC_PM_FD_NAME, file_no);
01214 info_p->version = RSBAC_PM_FD_ACI_VERSION;
01215 info_p->key = RSBAC_PM_FD_ACI_KEY;
01216 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01217 info_p->data_size = sizeof(struct rsbac_pm_fd_aci_t);
01218 info_p->max_age = 0;
01219 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01220 &(device_p->handles.pm[file_no]),
01221 info_p,
01222 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01223 rsbac_list_compare_u32,
01224 NULL,
01225 &def_pm_fd_aci,
01226 name,
01227 kdev);
01228 if(tmperr)
01229 {
01230 char * tmp;
01231
01232 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01233 if(tmp)
01234 {
01235 rsbac_printk(KERN_WARNING
01236 "register_fd_lists(): registering PM list %u for device %02u:%02u failed with error %s!\n",
01237 file_no,
01238 RSBAC_MAJOR(kdev),
01239 RSBAC_MINOR(kdev),
01240 get_error_name(tmp, tmperr));
01241 rsbac_kfree(tmp);
01242 }
01243 err = tmperr;
01244 }
01245 }
01246 }
01247 #endif
01248
01249 #if defined(CONFIG_RSBAC_DAZ)
01250 {
01251 struct rsbac_daz_fd_aci_t def_daz_fd_aci = DEFAULT_DAZ_FD_ACI;
01252
01253 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01254 {
01255
01256 sprintf(name, "%s%u", RSBAC_DAZ_FD_NAME, file_no);
01257 info_p->version = RSBAC_DAZ_FD_ACI_VERSION;
01258 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01259 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01260 info_p->data_size = sizeof(struct rsbac_daz_fd_aci_t);
01261 info_p->max_age = 0;
01262 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01263 &(device_p->handles.daz[file_no]),
01264 info_p,
01265 RSBAC_LIST_PERSIST |
01266 RSBAC_LIST_DEF_DATA,
01267 rsbac_list_compare_u32,
01268 NULL,
01269 &def_daz_fd_aci,
01270 name,
01271 kdev);
01272 if(tmperr)
01273 {
01274 char * tmp;
01275
01276 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01277 if(tmp)
01278 {
01279 rsbac_printk(KERN_WARNING
01280 "register_fd_lists(): registering DAZ list %u for device %02u:%02u failed with error %s!\n",
01281 file_no,
01282 RSBAC_MAJOR(kdev),
01283 RSBAC_MINOR(kdev),
01284 get_error_name(tmp, tmperr));
01285 rsbac_kfree(tmp);
01286 }
01287 err = tmperr;
01288 }
01289 }
01290 }
01291 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01292 {
01293 rsbac_daz_scanned_t def_daz_scanned_fd_aci = DEFAULT_DAZ_FD_SCANNED;
01294
01295
01296 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01297 {
01298
01299 sprintf(name, "%s%u", RSBAC_DAZ_SCANNED_FD_NAME, file_no);
01300 info_p->version = RSBAC_DAZ_SCANNED_FD_ACI_VERSION;
01301 info_p->key = RSBAC_DAZ_FD_ACI_KEY;
01302 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01303 info_p->data_size = sizeof(rsbac_daz_scanned_t);
01304 info_p->max_age = 0;
01305 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01306 &(device_p->handles.dazs[file_no]),
01307 info_p,
01308 #ifdef CONFIG_RSBAC_DAZ_PERSIST
01309 RSBAC_LIST_PERSIST |
01310 #endif
01311 RSBAC_LIST_DEF_DATA,
01312 rsbac_list_compare_u32,
01313 NULL,
01314 &def_daz_scanned_fd_aci,
01315 name,
01316 kdev);
01317 if(tmperr)
01318 {
01319 char * tmp;
01320
01321 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01322 if(tmp)
01323 {
01324 rsbac_printk(KERN_WARNING
01325 "register_fd_lists(): registering DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01326 file_no,
01327 RSBAC_MAJOR(kdev),
01328 RSBAC_MINOR(kdev),
01329 get_error_name(tmp, tmperr));
01330 rsbac_kfree(tmp);
01331 }
01332 err = tmperr;
01333 }
01334 }
01335 }
01336 #endif
01337 #endif
01338
01339 #if defined(CONFIG_RSBAC_FF)
01340 {
01341 rsbac_ff_flags_t def_ff_fd_aci = RSBAC_FF_DEF;
01342
01343
01344 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01345 {
01346
01347 sprintf(name, "%s%u", RSBAC_FF_FD_NAME, file_no);
01348 info_p->version = RSBAC_FF_FD_ACI_VERSION;
01349 info_p->key = RSBAC_FF_FD_ACI_KEY;
01350 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01351 info_p->data_size = sizeof(rsbac_ff_flags_t);
01352 info_p->max_age = 0;
01353 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01354 &(device_p->handles.ff[file_no]),
01355 info_p,
01356 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01357 rsbac_list_compare_u32,
01358 NULL,
01359 &def_ff_fd_aci,
01360 name,
01361 kdev);
01362 if(tmperr)
01363 {
01364 char * tmp;
01365
01366 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01367 if(tmp)
01368 {
01369 rsbac_printk(KERN_WARNING
01370 "register_fd_lists(): registering FF list %u for device %02u:%02u failed with error %s!\n",
01371 file_no,
01372 RSBAC_MAJOR(kdev),
01373 RSBAC_MINOR(kdev),
01374 get_error_name(tmp, tmperr));
01375 rsbac_kfree(tmp);
01376 }
01377 err = tmperr;
01378 }
01379 }
01380 }
01381 #endif
01382
01383 #if defined(CONFIG_RSBAC_RC)
01384 {
01385
01386 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01387 {
01388
01389 sprintf(name, "%s%u", RSBAC_RC_FD_NAME, file_no);
01390 info_p->version = RSBAC_RC_FD_ACI_VERSION;
01391 info_p->key = RSBAC_RC_FD_ACI_KEY;
01392 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01393 info_p->data_size = sizeof(struct rsbac_rc_fd_aci_t);
01394 info_p->max_age = 0;
01395 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01396 &(device_p->handles.rc[file_no]),
01397 info_p,
01398 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01399 rsbac_list_compare_u32,
01400 NULL,
01401 &def_rc_fd_aci,
01402 name,
01403 kdev);
01404 if(tmperr)
01405 {
01406 char * tmp;
01407
01408 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01409 if(tmp)
01410 {
01411 rsbac_printk(KERN_WARNING
01412 "register_fd_lists(): registering RC list %u for device %02u:%02u failed with error %s!\n",
01413 file_no,
01414 RSBAC_MAJOR(kdev),
01415 RSBAC_MINOR(kdev),
01416 get_error_name(tmp, tmperr));
01417 rsbac_kfree(tmp);
01418 }
01419 err = tmperr;
01420 }
01421 }
01422 }
01423 #endif
01424
01425 #if defined(CONFIG_RSBAC_AUTH)
01426 {
01427 struct rsbac_auth_fd_aci_t def_auth_fd_aci = DEFAULT_AUTH_FD_ACI;
01428
01429
01430 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01431 {
01432
01433 sprintf(name, "%s%u", RSBAC_AUTH_FD_NAME, file_no);
01434 info_p->version = RSBAC_AUTH_FD_ACI_VERSION;
01435 info_p->key = RSBAC_AUTH_FD_ACI_KEY;
01436 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01437 info_p->data_size = sizeof(struct rsbac_auth_fd_aci_t);
01438 info_p->max_age = 0;
01439 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01440 &(device_p->handles.auth[file_no]),
01441 info_p,
01442 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01443 rsbac_list_compare_u32,
01444 auth_fd_get_conv,
01445 &def_auth_fd_aci,
01446 name,
01447 kdev);
01448 if(tmperr)
01449 {
01450 char * tmp;
01451
01452 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01453 if(tmp)
01454 {
01455 rsbac_printk(KERN_WARNING
01456 "register_fd_lists(): registering AUTH list %u for device %02u:%02u failed with error %s!\n",
01457 file_no,
01458 RSBAC_MAJOR(kdev),
01459 RSBAC_MINOR(kdev),
01460 get_error_name(tmp, tmperr));
01461 rsbac_kfree(tmp);
01462 }
01463 err = tmperr;
01464 }
01465 }
01466 }
01467 #endif
01468
01469 #if defined(CONFIG_RSBAC_CAP)
01470 {
01471 struct rsbac_cap_fd_aci_t def_cap_fd_aci = DEFAULT_CAP_FD_ACI;
01472
01473
01474 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01475 {
01476
01477 sprintf(name, "%s%u", RSBAC_CAP_FD_NAME, file_no);
01478 info_p->version = RSBAC_CAP_FD_ACI_VERSION;
01479 info_p->key = RSBAC_CAP_FD_ACI_KEY;
01480 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01481 info_p->data_size = sizeof(struct rsbac_cap_fd_aci_t);
01482 info_p->max_age = 0;
01483 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01484 &(device_p->handles.cap[file_no]),
01485 info_p,
01486 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01487 rsbac_list_compare_u32,
01488 NULL,
01489 &def_cap_fd_aci,
01490 name,
01491 kdev);
01492 if(tmperr)
01493 {
01494 char * tmp;
01495
01496 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01497 if(tmp)
01498 {
01499 rsbac_printk(KERN_WARNING
01500 "register_fd_lists(): registering CAP list %u for device %02u:%02u failed with error %s!\n",
01501 file_no,
01502 RSBAC_MAJOR(kdev),
01503 RSBAC_MINOR(kdev),
01504 get_error_name(tmp, tmperr));
01505 rsbac_kfree(tmp);
01506 }
01507 err = tmperr;
01508 }
01509 }
01510 }
01511 #endif
01512
01513 #if defined(CONFIG_RSBAC_PAX)
01514 {
01515 rsbac_pax_flags_t def_pax_fd_aci;
01516
01517 #ifdef CONFIG_RSBAC_PAX_DEFAULT
01518 def_pax_fd_aci = 0;
01519 #ifdef CONFIG_RSBAC_PAX_PAGEEXEC
01520 def_pax_fd_aci |= PF_PAX_PAGEEXEC;
01521 #endif
01522 #ifdef CONFIG_RSBAC_PAX_EMUTRAMP
01523 def_pax_fd_aci |= PF_PAX_EMUTRAMP;
01524 #endif
01525 #ifdef CONFIG_RSBAC_PAX_MPROTECT
01526 def_pax_fd_aci |= PF_PAX_MPROTECT;
01527 #endif
01528 #ifdef CONFIG_RSBAC_PAX_RANDMMAP
01529 def_pax_fd_aci |= PF_PAX_RANDMMAP;
01530 #endif
01531 #ifdef CONFIG_RSBAC_PAX_RANDEXEC
01532 def_pax_fd_aci |= PF_PAX_RANDEXEC;
01533 #endif
01534 #ifdef CONFIG_RSBAC_PAX_SEGMEXEC
01535 def_pax_fd_aci |= PF_PAX_SEGMEXEC;
01536 #endif
01537
01538 #else
01539 def_pax_fd_aci = RSBAC_PAX_DEF_FLAGS;
01540 #endif
01541
01542 info_p->version = RSBAC_PAX_FD_ACI_VERSION;
01543 info_p->key = RSBAC_PAX_FD_ACI_KEY;
01544 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01545 info_p->data_size = sizeof(rsbac_pax_flags_t);
01546 info_p->max_age = 0;
01547
01548 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01549 {
01550
01551 sprintf(name, "%s%u", RSBAC_PAX_FD_NAME, file_no);
01552 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01553 &(device_p->handles.pax[file_no]),
01554 info_p,
01555 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01556 rsbac_list_compare_u32,
01557 NULL,
01558 &def_pax_fd_aci,
01559 name,
01560 kdev);
01561 if(tmperr)
01562 {
01563 char * tmp;
01564
01565 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01566 if(tmp)
01567 {
01568 rsbac_printk(KERN_WARNING
01569 "register_fd_lists(): registering PAX list %u for device %02u:%02u failed with error %s!\n",
01570 file_no,
01571 RSBAC_MAJOR(kdev),
01572 RSBAC_MINOR(kdev),
01573 get_error_name(tmp, tmperr));
01574 rsbac_kfree(tmp);
01575 }
01576 err = tmperr;
01577 }
01578 }
01579 }
01580 #endif
01581
01582 #if defined(CONFIG_RSBAC_RES)
01583 {
01584
01585 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01586 {
01587
01588 sprintf(name, "%s%u", RSBAC_RES_FD_NAME, file_no);
01589 info_p->version = RSBAC_RES_FD_ACI_VERSION;
01590 info_p->key = RSBAC_RES_FD_ACI_KEY;
01591 info_p->desc_size = sizeof(rsbac_inode_nr_t);
01592 info_p->data_size = sizeof(struct rsbac_res_fd_aci_t);
01593 info_p->max_age = 0;
01594 tmperr = rsbac_list_register(RSBAC_LIST_VERSION,
01595 &(device_p->handles.res[file_no]),
01596 info_p,
01597 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
01598 rsbac_list_compare_u32,
01599 NULL,
01600 &def_res_fd_aci,
01601 name,
01602 kdev);
01603 if(tmperr)
01604 {
01605 char * tmp;
01606
01607 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01608 if(tmp)
01609 {
01610 rsbac_printk(KERN_WARNING
01611 "register_fd_lists(): registering RES list %u for device %02u:%02u failed with error %s!\n",
01612 file_no,
01613 RSBAC_MAJOR(kdev),
01614 RSBAC_MINOR(kdev),
01615 get_error_name(tmp, tmperr));
01616 rsbac_kfree(tmp);
01617 }
01618 err = tmperr;
01619 }
01620 }
01621 }
01622 #endif
01623
01624 rsbac_kfree(name);
01625 rsbac_kfree(info_p);
01626 return err;
01627 }
01628
01629
01630
01631
01632 static int aci_detach_fd_lists(struct rsbac_device_list_item_t * device_p)
01633 {
01634 int err = 0;
01635 int tmperr;
01636 u_int file_no;
01637
01638 if(!device_p)
01639 return(-RSBAC_EINVALIDPOINTER);
01640
01641
01642 for (file_no = 0; file_no < RSBAC_GEN_NR_FD_LISTS; file_no++)
01643 {
01644 tmperr = rsbac_list_detach(&device_p->handles.gen[file_no],
01645 RSBAC_GEN_FD_ACI_KEY);
01646 if(tmperr)
01647 {
01648 char * tmp;
01649
01650 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01651 if(tmp)
01652 {
01653 rsbac_printk(KERN_WARNING
01654 "detach_fd_lists(): detaching from general list %u for device %02u:%02u failed with error %s!\n",
01655 file_no,
01656 RSBAC_MAJOR(device_p->id),
01657 RSBAC_MINOR(device_p->id),
01658 get_error_name(tmp, tmperr));
01659 rsbac_kfree(tmp);
01660 }
01661 err = tmperr;
01662 }
01663 }
01664
01665 #if defined(CONFIG_RSBAC_MAC)
01666
01667 for (file_no = 0; file_no < RSBAC_MAC_NR_FD_LISTS; file_no++)
01668 {
01669 tmperr = rsbac_list_detach(&device_p->handles.mac[file_no],
01670 RSBAC_MAC_FD_ACI_KEY);
01671 if(tmperr)
01672 {
01673 char * tmp;
01674
01675 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01676 if(tmp)
01677 {
01678 rsbac_printk(KERN_WARNING
01679 "detach_fd_lists(): detaching from MAC list %u for device %02u:%02u failed with error %s!\n",
01680 file_no,
01681 RSBAC_MAJOR(device_p->id),
01682 RSBAC_MINOR(device_p->id),
01683 get_error_name(tmp, tmperr));
01684 rsbac_kfree(tmp);
01685 }
01686 err = tmperr;
01687 }
01688 }
01689 #endif
01690
01691 #if defined(CONFIG_RSBAC_PM)
01692
01693 for (file_no = 0; file_no < RSBAC_PM_NR_FD_LISTS; file_no++)
01694 {
01695 tmperr = rsbac_list_detach(&device_p->handles.pm[file_no],
01696 RSBAC_PM_FD_ACI_KEY);
01697 if(tmperr)
01698 {
01699 char * tmp;
01700
01701 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01702 if(tmp)
01703 {
01704 rsbac_printk(KERN_WARNING
01705 "detach_fd_lists(): detaching from PM list %u for device %02u:%02u failed with error %s!\n",
01706 file_no,
01707 RSBAC_MAJOR(device_p->id),
01708 RSBAC_MINOR(device_p->id),
01709 get_error_name(tmp, tmperr));
01710 rsbac_kfree(tmp);
01711 }
01712 err = tmperr;
01713 }
01714 }
01715 #endif
01716
01717 #if defined(CONFIG_RSBAC_DAZ)
01718
01719 for (file_no = 0; file_no < RSBAC_DAZ_NR_FD_LISTS; file_no++)
01720 {
01721 tmperr = rsbac_list_detach(&device_p->handles.daz[file_no],
01722 RSBAC_DAZ_FD_ACI_KEY);
01723 if(tmperr)
01724 {
01725 char * tmp;
01726
01727 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01728 if(tmp)
01729 {
01730 rsbac_printk(KERN_WARNING
01731 "detach_fd_lists(): detaching from DAZ list %u for device %02u:%02u failed with error %s!\n",
01732 file_no,
01733 RSBAC_MAJOR(device_p->id),
01734 RSBAC_MINOR(device_p->id),
01735 get_error_name(tmp, tmperr));
01736 rsbac_kfree(tmp);
01737 }
01738 err = tmperr;
01739 }
01740 }
01741 #if defined(CONFIG_RSBAC_DAZ_CACHE)
01742
01743 for (file_no = 0; file_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; file_no++)
01744 {
01745 tmperr = rsbac_list_detach(&device_p->handles.dazs[file_no],
01746 RSBAC_DAZ_FD_ACI_KEY);
01747 if(tmperr)
01748 {
01749 char * tmp;
01750
01751 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01752 if(tmp)
01753 {
01754 rsbac_printk(KERN_WARNING
01755 "detach_fd_lists(): detaching from DAZ scanned list %u for device %02u:%02u failed with error %s!\n",
01756 file_no,
01757 RSBAC_MAJOR(device_p->id),
01758 RSBAC_MINOR(device_p->id),
01759 get_error_name(tmp, tmperr));
01760 rsbac_kfree(tmp);
01761 }
01762 err = tmperr;
01763 }
01764 }
01765 #endif
01766 #endif
01767
01768 #if defined(CONFIG_RSBAC_FF)
01769
01770 for (file_no = 0; file_no < RSBAC_FF_NR_FD_LISTS; file_no++)
01771 {
01772 tmperr = rsbac_list_detach(&device_p->handles.ff[file_no],
01773 RSBAC_FF_FD_ACI_KEY);
01774 if(tmperr)
01775 {
01776 char * tmp;
01777
01778 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01779 if(tmp)
01780 {
01781 rsbac_printk(KERN_WARNING
01782 "detach_fd_lists(): detaching from FF list %u for device %02u:%02u failed with error %s!\n",
01783 file_no,
01784 RSBAC_MAJOR(device_p->id),
01785 RSBAC_MINOR(device_p->id),
01786 get_error_name(tmp, tmperr));
01787 rsbac_kfree(tmp);
01788 }
01789 err = tmperr;
01790 }
01791 }
01792 #endif
01793
01794 #if defined(CONFIG_RSBAC_RC)
01795
01796 for (file_no = 0; file_no < RSBAC_RC_NR_FD_LISTS; file_no++)
01797 {
01798 tmperr = rsbac_list_detach(&device_p->handles.rc[file_no],
01799 RSBAC_RC_FD_ACI_KEY);
01800 if(tmperr)
01801 {
01802 char * tmp;
01803
01804 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01805 if(tmp)
01806 {
01807 rsbac_printk(KERN_WARNING
01808 "detach_fd_lists(): detaching from RC list %u for device %02u:%02u failed with error %s!\n",
01809 file_no,
01810 RSBAC_MAJOR(device_p->id),
01811 RSBAC_MINOR(device_p->id),
01812 get_error_name(tmp, tmperr));
01813 rsbac_kfree(tmp);
01814 }
01815 err = tmperr;
01816 }
01817 }
01818 #endif
01819
01820 #if defined(CONFIG_RSBAC_AUTH)
01821
01822 for (file_no = 0; file_no < RSBAC_AUTH_NR_FD_LISTS; file_no++)
01823 {
01824 tmperr = rsbac_list_detach(&device_p->handles.auth[file_no],
01825 RSBAC_AUTH_FD_ACI_KEY);
01826 if(tmperr)
01827 {
01828 char * tmp;
01829
01830 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01831 if(tmp)
01832 {
01833 rsbac_printk(KERN_WARNING
01834 "detach_fd_lists(): detaching from AUTH list %u for device %02u:%02u failed with error %s!\n",
01835 file_no,
01836 RSBAC_MAJOR(device_p->id),
01837 RSBAC_MINOR(device_p->id),
01838 get_error_name(tmp, tmperr));
01839 rsbac_kfree(tmp);
01840 }
01841 err = tmperr;
01842 }
01843 }
01844 #endif
01845
01846 #if defined(CONFIG_RSBAC_CAP)
01847
01848 for (file_no = 0; file_no < RSBAC_CAP_NR_FD_LISTS; file_no++)
01849 {
01850 tmperr = rsbac_list_detach(&device_p->handles.cap[file_no],
01851 RSBAC_CAP_FD_ACI_KEY);
01852 if(tmperr)
01853 {
01854 char * tmp;
01855
01856 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01857 if(tmp)
01858 {
01859 rsbac_printk(KERN_WARNING
01860 "detach_fd_lists(): detaching from CAP list %u for device %02u:%02u failed with error %s!\n",
01861 file_no,
01862 RSBAC_MAJOR(device_p->id),
01863 RSBAC_MINOR(device_p->id),
01864 get_error_name(tmp, tmperr));
01865 rsbac_kfree(tmp);
01866 }
01867 err = tmperr;
01868 }
01869 }
01870 #endif
01871
01872 #if defined(CONFIG_RSBAC_PAX)
01873
01874 for (file_no = 0; file_no < RSBAC_PAX_NR_FD_LISTS; file_no++)
01875 {
01876 tmperr = rsbac_list_detach(&device_p->handles.pax[file_no],
01877 RSBAC_PAX_FD_ACI_KEY);
01878 if(tmperr)
01879 {
01880 char * tmp;
01881
01882 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01883 if(tmp)
01884 {
01885 rsbac_printk(KERN_WARNING
01886 "detach_fd_lists(): detaching from PAX list %u for device %02u:%02u failed with error %s!\n",
01887 file_no,
01888 RSBAC_MAJOR(device_p->id),
01889 RSBAC_MINOR(device_p->id),
01890 get_error_name(tmp, tmperr));
01891 rsbac_kfree(tmp);
01892 }
01893 err = tmperr;
01894 }
01895 }
01896 #endif
01897
01898 #if defined(CONFIG_RSBAC_RES)
01899
01900 for (file_no = 0; file_no < RSBAC_RES_NR_FD_LISTS; file_no++)
01901 {
01902 tmperr = rsbac_list_detach(&device_p->handles.res[file_no],
01903 RSBAC_RES_FD_ACI_KEY);
01904 if(tmperr)
01905 {
01906 char * tmp;
01907
01908 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
01909 if(tmp)
01910 {
01911 rsbac_printk(KERN_WARNING
01912 "detach_fd_lists(): detaching from RES list %u for device %02u:%02u failed with error %s!\n",
01913 file_no,
01914 RSBAC_MAJOR(device_p->id),
01915 RSBAC_MINOR(device_p->id),
01916 get_error_name(tmp, tmperr));
01917 rsbac_kfree(tmp);
01918 }
01919 err = tmperr;
01920 }
01921 }
01922 #endif
01923
01924 return err;
01925 }
01926
01927
01928
01929 static struct rsbac_device_list_item_t
01930 * create_device_item(struct super_block * sb_p, struct dentry * d_covers)
01931 {
01932 struct rsbac_device_list_item_t * new_item_p;
01933
01934 if(!sb_p)
01935 return NULL;
01936
01937 if ( !(new_item_p = (struct rsbac_device_list_item_t *)
01938 rsbac_kmalloc(sizeof(*new_item_p)) ) )
01939 return(NULL);
01940
01941 memset(new_item_p, 0, sizeof(*new_item_p));
01942 new_item_p->id = sb_p->s_dev;
01943 new_item_p->sb_p = sb_p;
01944 new_item_p->d_covers = d_covers;
01945 new_item_p->mount_count = 1;
01946
01947 return(new_item_p);
01948 }
01949
01950
01951 static struct rsbac_device_list_item_t
01952 * add_device_item(struct rsbac_device_list_item_t * device_p)
01953 {
01954 if (!device_p)
01955 return(NULL);
01956
01957
01958 if (!device_list_head.head)
01959 {
01960 device_list_head.head=device_p;
01961 device_list_head.tail=device_p;
01962 device_list_head.curr=device_p;
01963 device_list_head.count=1;
01964 device_p->prev=NULL;
01965 device_p->next=NULL;
01966 }
01967 else
01968 {
01969 device_p->prev=device_list_head.tail;
01970 device_p->next=NULL;
01971 device_list_head.tail->next=device_p;
01972 device_list_head.tail=device_p;
01973 device_list_head.curr=device_p;
01974 device_list_head.count++;
01975 }
01976 return(device_p);
01977 }
01978
01979
01980
01981
01982
01983
01984
01985
01986 static void clear_device_item(struct rsbac_device_list_item_t * item_p)
01987 {
01988 if(!item_p)
01989 return;
01990
01991
01992 if(item_p->rsbac_dir_dentry_p)
01993 dput(item_p->rsbac_dir_dentry_p);
01994
01995 rsbac_kfree(item_p);
01996 }
01997
01998 static void remove_device_item(kdev_t kdev)
01999 {
02000 struct rsbac_device_list_item_t * item_p;
02001
02002
02003 if ( (item_p = lookup_device(kdev)) )
02004 {
02005 if (device_list_head.head == item_p)
02006 {
02007 if (device_list_head.tail == item_p)
02008 {
02009 device_list_head.head = NULL;
02010 device_list_head.tail = NULL;
02011 }
02012 else
02013 {
02014 item_p->next->prev = NULL;
02015 device_list_head.head = item_p->next;
02016 }
02017 }
02018 else
02019 {
02020 if (device_list_head.tail == item_p)
02021 {
02022 item_p->prev->next = NULL;
02023 device_list_head.tail = item_p->prev;
02024 }
02025 else
02026 {
02027 item_p->prev->next = item_p->next;
02028 item_p->next->prev = item_p->prev;
02029 }
02030 }
02031
02032
02033 device_list_head.curr=NULL;
02034
02035 device_list_head.count--;
02036
02037
02038 aci_detach_fd_lists(item_p);
02039
02040
02041 clear_device_item(item_p);
02042 }
02043
02044 }
02045
02046
02047
02048
02049
02050
02051 static int rsbac_clear_file(struct dentry *dentry)
02052 {
02053 struct inode *inode = dentry->d_inode;
02054 int error;
02055 struct iattr newattrs;
02056
02057 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02058 mutex_lock(&inode->i_mutex);
02059 #else
02060 down(&inode->i_sem);
02061 #endif
02062 newattrs.ia_size = 0;
02063 newattrs.ia_valid = ATTR_SIZE | ATTR_CTIME;
02064 error = notify_change(dentry, &newattrs);
02065 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02066 mutex_unlock(&inode->i_mutex);
02067 #else
02068 up(&inode->i_sem);
02069 #endif
02070 return error;
02071 }
02072
02073 static void wakeup_auto(u_long dummy)
02074 {
02075 wake_up((void *) dummy);
02076 }
02077
02078 #if defined(CONFIG_RSBAC_REG)
02079 EXPORT_SYMBOL(rsbac_get_super_block);
02080 #endif
02081 struct super_block * rsbac_get_super_block(kdev_t kdev)
02082 {
02083 struct rsbac_device_list_item_t * device_p;
02084 u_long dflags;
02085 struct super_block * sb_p;
02086
02087 if(RSBAC_IS_AUTO_DEV(kdev))
02088 return NULL;
02089
02090
02091 rsbac_read_lock(&device_list_head.lock, &dflags);
02092 device_p = lookup_device(kdev);
02093 if (!device_p)
02094 {
02095 rsbac_read_unlock(&device_list_head.lock, &dflags);
02096 down(&rsbac_write_sem);
02097 up(&rsbac_write_sem);
02098 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02099 sb_p = user_get_super(kdev);
02100 #else
02101 sb_p = get_super(kdev);
02102 #endif
02103 if(!sb_p)
02104 {
02105 DECLARE_WAIT_QUEUE_HEAD(auto_wait);
02106 struct timer_list auto_timer;
02107
02108 rsbac_printk(KERN_INFO
02109 "rsbac_get_super_block(): device %02u:%02u not yet available, sleeping\n",
02110 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02111 init_timer(&auto_timer);
02112 auto_timer.function = wakeup_auto;
02113 auto_timer.data = (u_long) &auto_wait;
02114 auto_timer.expires = jiffies + HZ;
02115 add_timer(&auto_timer);
02116 interruptible_sleep_on(&auto_wait);
02117
02118 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02119 sb_p = user_get_super(kdev);
02120 #else
02121 sb_p = get_super(kdev);
02122 #endif
02123 }
02124 if(sb_p)
02125 {
02126 device_p = lookup_device(kdev);
02127 if (!device_p)
02128 {
02129 rsbac_printk(KERN_INFO
02130 "rsbac_get_super_block(): auto-mounting device %02u:%02u\n",
02131 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02132 rsbac_mount(sb_p, NULL);
02133 }
02134
02135 drop_super(sb_p);
02136 rsbac_read_lock(&device_list_head.lock, &dflags);
02137 device_p = lookup_device(kdev);
02138 if (!device_p)
02139 {
02140 rsbac_printk(KERN_WARNING
02141 "rsbac_get_super_block(): unknown device %02u:%02u\n",
02142 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02143 rsbac_read_unlock(&device_list_head.lock, &dflags);
02144 return NULL;
02145 }
02146 }
02147 else
02148 {
02149 return NULL;
02150 }
02151 }
02152 sb_p = device_p->sb_p;
02153 rsbac_read_unlock(&device_list_head.lock, &dflags);
02154 return sb_p;
02155 }
02156
02157 #if defined(CONFIG_RSBAC_REG)
02158 EXPORT_SYMBOL(rsbac_read_open);
02159 #endif
02160 int rsbac_read_open(char * name,
02161 struct file * file_p,
02162 kdev_t kdev)
02163 {
02164 struct dentry * dir_dentry_p;
02165 struct dentry * file_dentry_p;
02166 int tmperr, err;
02167
02168 if(!name || !file_p)
02169 {
02170 #ifdef CONFIG_RSBAC_DEBUG
02171 if (rsbac_debug_ds)
02172 {
02173 rsbac_printk(KERN_DEBUG "rsbac_read_open(): called with NULL pointer!");
02174 }
02175 #endif
02176 return(-RSBAC_EINVALIDPOINTER);
02177 }
02178
02179
02180 if ((err=lookup_aci_path_dentry(NULL, &dir_dentry_p, FALSE, kdev)))
02181 {
02182 return(err);
02183 }
02184
02185
02186
02187 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02188 if (!file_dentry_p || IS_ERR (file_dentry_p))
02189 {
02190 return(-RSBAC_EREADFAILED);
02191 }
02192 if (!file_dentry_p->d_inode)
02193 {
02194 char * bname;
02195 int name_len = strlen(name);
02196
02197 dput(file_dentry_p);
02198 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02199 if(!bname)
02200 {
02201 return -RSBAC_ENOMEM;
02202 }
02203
02204 strcpy(bname,name);
02205 bname[name_len] = 'b';
02206 name_len++;
02207 bname[name_len] = (char) 0;
02208 #ifdef CONFIG_RSBAC_DEBUG
02209 if (rsbac_debug_ds)
02210 {
02211 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup file %s, trying backup %s\n",
02212 name,bname);
02213 }
02214 #endif
02215 file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02216 rsbac_kfree(bname);
02217 if (!file_dentry_p || IS_ERR (file_dentry_p))
02218 {
02219 return(-RSBAC_EREADFAILED);
02220 }
02221 if (!file_dentry_p->d_inode)
02222 {
02223 #ifdef CONFIG_RSBAC_DEBUG
02224 if (rsbac_debug_ds)
02225 {
02226 rsbac_printk(KERN_DEBUG "rsbac_read_open(): could not lookup backup file %sb\n",
02227 name);
02228 }
02229 #endif
02230 dput(file_dentry_p);
02231 return(-RSBAC_ENOTFOUND);
02232 }
02233 }
02234 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02235 {
02236 rsbac_printk(KERN_WARNING "rsbac_read_open(): expected file is not a file!\n");
02237 dput(file_dentry_p);
02238 return(-RSBAC_EREADFAILED);
02239 }
02240
02241
02242
02243 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02244 {
02245 dput(file_dentry_p);
02246 rsbac_printk(KERN_WARNING "rsbac_read_open(): could not open file '%s'!\n", name);
02247 return -RSBAC_EREADFAILED;
02248 }
02249
02250
02251 if ((!file_p->f_op) || (!file_p->f_op->read))
02252 {
02253 if (!file_p->f_op)
02254 {
02255 rsbac_printk(KERN_WARNING "rsbac_read_open(): no f_op for file '%s'!\n", name);
02256 }
02257 else
02258 {
02259 rsbac_printk(KERN_WARNING "rsbac_read_open(): no file read func for file '%s'!\n", name);
02260 if (file_p->f_op->release)
02261 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02262 }
02263 dput(file_dentry_p);
02264 return -RSBAC_EREADFAILED;
02265 }
02266 return 0;
02267 }
02268
02269
02270 #ifndef check_parent
02271 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02272 #define check_parent(dir, dentry) \
02273 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_bucket))
02274 #else
02275 #define check_parent(dir, dentry) \
02276 ((dir) == (dentry)->d_parent && !list_empty(&dentry->d_hash))
02277 #endif
02278 #endif
02279
02280 #if defined(CONFIG_RSBAC_REG)
02281 EXPORT_SYMBOL(rsbac_write_open);
02282 #endif
02283 int rsbac_write_open(char * name,
02284 struct file * file_p,
02285 kdev_t kdev)
02286 {
02287 struct dentry * dir_dentry_p = NULL;
02288 struct dentry * ldir_dentry_p = NULL;
02289 struct dentry * file_dentry_p = NULL;
02290 int err = 0;
02291 int tmperr = 0;
02292 struct super_block * sb_p;
02293
02294 if(!file_p || !name)
02295 {
02296 #ifdef CONFIG_RSBAC_DEBUG
02297 if (rsbac_debug_write)
02298 {
02299 rsbac_printk(KERN_DEBUG "rsbac_write_open(): called with NULL pointer!\n");
02300 }
02301 #endif
02302 return(-RSBAC_EINVALIDPOINTER);
02303 }
02304
02305
02306 sb_p = rsbac_get_super_block(kdev);
02307 if (!sb_p)
02308 {
02309 rsbac_printk(KERN_WARNING
02310 "rsbac_write_open(): invalid device %02u:%02u\n",
02311 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
02312 return (-RSBAC_EINVALIDDEV);
02313 }
02314 if(!writable(sb_p))
02315 {
02316 #ifdef CONFIG_RSBAC_DEBUG
02317 if (rsbac_debug_write)
02318 {
02319 rsbac_printk(KERN_DEBUG
02320 "rsbac_write_open(): called for non-writable device\n");
02321 }
02322 #endif
02323 err = -RSBAC_ENOTWRITABLE;
02324 goto out;
02325 }
02326
02327
02328
02329 if ((tmperr = lookup_aci_path_dentry(sb_p, &dir_dentry_p, TRUE,
02330 kdev)))
02331 {
02332 err = tmperr;
02333 goto out;
02334 }
02335
02336
02337
02338 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02339 if (!file_dentry_p || IS_ERR(file_dentry_p))
02340 {
02341 #ifdef CONFIG_RSBAC_DEBUG
02342 if (rsbac_debug_write)
02343 {
02344 rsbac_printk(KERN_DEBUG
02345 "rsbac_write_open(): lookup of %s returned error %li\n",
02346 name, PTR_ERR(file_dentry_p));
02347 }
02348 #endif
02349 err = -RSBAC_EWRITEFAILED;
02350 goto out;
02351 }
02352
02353 #if 1
02354 if (file_dentry_p->d_inode)
02355 {
02356 if ( !dir_dentry_p->d_inode->i_op
02357 || !dir_dentry_p->d_inode->i_op->rename)
02358 {
02359 rsbac_printk(KERN_WARNING
02360 "rsbac_write_open(): File system supports no rename - no backup of %s made!",
02361 name);
02362 }
02363 else
02364 {
02365 char * bname;
02366 int name_len = strlen(name);
02367 struct dentry * new_file_dentry_p = NULL;
02368 struct dentry * old_dir_p, * new_dir_p;
02369
02370 bname = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02371 if(!bname)
02372 {
02373 err = -RSBAC_ENOMEM;
02374 goto out_dput;
02375 }
02376 strcpy(bname,name);
02377 bname[name_len] = 'b';
02378 bname[name_len+1] = (char) 0;
02379 new_file_dentry_p = rsbac_lookup_one_len(bname, dir_dentry_p, strlen(bname));
02380 if(new_file_dentry_p && !IS_ERR(new_file_dentry_p))
02381 {
02382
02383 old_dir_p = dget(file_dentry_p->d_parent);
02384 new_dir_p = dget(new_file_dentry_p->d_parent);
02385 double_lock(new_dir_p, old_dir_p);
02386
02387 DQUOT_INIT(old_dir_p->d_inode);
02388 DQUOT_INIT(new_dir_p->d_inode);
02389
02390
02391
02392
02393 err = dir_dentry_p->d_inode->i_op->rename(old_dir_p->d_inode,
02394 file_dentry_p,
02395 new_dir_p->d_inode,
02396 new_file_dentry_p);
02397
02398 double_unlock(new_dir_p, old_dir_p);
02399 if(err)
02400 {
02401 rsbac_printk(KERN_WARNING
02402 "rsbac_write_open(): could not rename %s to %s on dev %02u:%02u, error %i - no backup!\n",
02403 name,bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
02404 }
02405 else
02406 {
02407
02408 if (!(sb_p->s_type->fs_flags & FS_ODD_RENAME))
02409 d_move(file_dentry_p, new_file_dentry_p);
02410 inode_dir_notify(old_dir_p->d_inode, DN_RENAME);
02411 }
02412 dput(new_file_dentry_p);
02413 dput(file_dentry_p);
02414
02415 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02416 if (!file_dentry_p || IS_ERR (file_dentry_p))
02417 {
02418 #ifdef CONFIG_RSBAC_DEBUG
02419 if (rsbac_debug_write)
02420 {
02421 rsbac_printk(KERN_DEBUG
02422 "rsbac_write_open(): relookup of %s returned error %li\n",
02423 name, PTR_ERR(file_dentry_p));
02424 }
02425 #endif
02426 err = -RSBAC_EWRITEFAILED;
02427 goto out;
02428 }
02429 if (file_dentry_p->d_inode)
02430 {
02431 rsbac_printk(KERN_WARNING
02432 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li, trying unlink\n",
02433 name, file_dentry_p->d_inode->i_ino);
02434
02435 if ( !dir_dentry_p->d_inode->i_op
02436 || !dir_dentry_p->d_inode->i_op->unlink)
02437 {
02438 rsbac_printk(KERN_WARNING
02439 "rsbac_write_open(): File system supports no unlink - %s not deleted!",
02440 name);
02441 rsbac_kfree(bname);
02442 err = -RSBAC_EWRITEFAILED;
02443 goto out_dput;
02444 }
02445 else
02446 {
02447 old_dir_p = lock_parent(file_dentry_p);
02448
02449 DQUOT_INIT(old_dir_p->d_inode);
02450 err = -ENOENT;
02451 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02452 if (check_parent(old_dir_p, file_dentry_p))
02453 {
02454 #endif
02455 err = dir_dentry_p->d_inode->i_op->unlink(old_dir_p->d_inode,
02456 file_dentry_p);
02457 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02458 }
02459 else
02460 {
02461 rsbac_printk(KERN_WARNING
02462 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, parent check failed!\n",
02463 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev));
02464 }
02465 #endif
02466
02467 unlock_dir(old_dir_p);
02468
02469 dput(file_dentry_p);
02470 if(err)
02471 {
02472 rsbac_printk(KERN_WARNING
02473 "rsbac_write_open(): could not unlink %s on dev %02u:%02u, error %i!\n",
02474 name, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), err);
02475 }
02476
02477 file_dentry_p = rsbac_lookup_one_len(name, dir_dentry_p, strlen(name));
02478 if (!file_dentry_p || IS_ERR (file_dentry_p))
02479 {
02480 #ifdef CONFIG_RSBAC_DEBUG
02481 if (rsbac_debug_write)
02482 {
02483 rsbac_printk(KERN_DEBUG
02484 "rsbac_write_open(): relookup of %s returned error %li\n",
02485 name, PTR_ERR(file_dentry_p));
02486 }
02487 #endif
02488 rsbac_kfree(bname);
02489 err = -RSBAC_EWRITEFAILED;
02490 goto out;
02491 }
02492 if (file_dentry_p->d_inode)
02493 {
02494 rsbac_printk(KERN_WARNING
02495 "rsbac_write_open(): relookup of %s returned dentry with existing inode %li\n",
02496 name, file_dentry_p->d_inode->i_ino);
02497 rsbac_kfree(bname);
02498 err = -RSBAC_EWRITEFAILED;
02499 goto out_dput;
02500 }
02501 }
02502 }
02503 }
02504 else
02505 {
02506 rsbac_printk(KERN_WARNING
02507 "rsbac_write_open(): rsbac_lookup_(dentry|one) for backup file %s on dev %02u:%02u failed with error %li - no backup!\n",
02508 bname, RSBAC_MAJOR(kdev),RSBAC_MINOR(kdev), PTR_ERR(new_file_dentry_p));
02509 }
02510 rsbac_kfree(bname);
02511 }
02512 }
02513 #endif
02514
02515 if(!file_dentry_p->d_inode)
02516 {
02517
02518 if ( !dir_dentry_p->d_inode->i_op
02519 || !dir_dentry_p->d_inode->i_op->create)
02520 {
02521 rsbac_printk(KERN_WARNING "%s\n",
02522 "rsbac_write_open(): File system supports no create!");
02523 err = -RSBAC_EWRITEFAILED;
02524 goto out_dput;
02525 }
02526
02527
02528 ldir_dentry_p = lock_parent(file_dentry_p);
02529 if(IS_ERR(ldir_dentry_p))
02530 {
02531 #ifdef CONFIG_RSBAC_DEBUG
02532 if (rsbac_debug_write)
02533 {
02534 rsbac_printk(KERN_DEBUG
02535 "rsbac_write_open(): lock_parent of %s returned error %li\n",
02536 name, PTR_ERR(ldir_dentry_p));
02537 }
02538 #endif
02539 err = -RSBAC_EWRITEFAILED;
02540 goto out_dput;
02541 }
02542 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
02543 if (!check_parent(ldir_dentry_p, file_dentry_p))
02544 {
02545 #ifdef CONFIG_RSBAC_DEBUG
02546 if (rsbac_debug_write)
02547 {
02548 rsbac_printk(KERN_DEBUG
02549 "rsbac_write_open(): check_parent of %s returned error\n",
02550 name);
02551 }
02552 #endif
02553 unlock_dir(ldir_dentry_p);
02554 err = -RSBAC_EWRITEFAILED;
02555 goto out_dput;
02556 }
02557 #endif
02558
02559
02560
02561
02562
02563 DQUOT_INIT(ldir_dentry_p->d_inode);
02564 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
02565 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
02566 file_dentry_p,
02567 RSBAC_ACI_FILE_MODE,
02568 NULL);
02569 #else
02570 err = dir_dentry_p->d_inode->i_op->create(ldir_dentry_p->d_inode,
02571 file_dentry_p,
02572 RSBAC_ACI_FILE_MODE);
02573 #endif
02574 unlock_dir(ldir_dentry_p);
02575
02576 if (err)
02577 {
02578 goto out_dput;
02579 }
02580
02581 }
02582
02583 if ( !(S_ISREG(file_dentry_p->d_inode->i_mode)) )
02584 {
02585 rsbac_printk(KERN_WARNING
02586 "rsbac_write_open(): expected file is not a file, mode is %o!\n",
02587 file_dentry_p->d_inode->i_mode);
02588 err = -RSBAC_EWRITEFAILED;
02589 goto out_dput;
02590 }
02591
02592
02593 if ((tmperr = init_private_file(file_p, file_dentry_p,O_RDONLY)))
02594 {
02595 rsbac_printk(KERN_WARNING "rsbac_write_open(): could not init file!\n");
02596 err = -RSBAC_EWRITEFAILED;
02597 goto out_dput;
02598 }
02599
02600
02601 if ((!file_p->f_op) || (!file_p->f_op->write))
02602 {
02603 rsbac_printk(KERN_WARNING
02604 "rsbac_write_open(): file write function missing!\n");
02605 if(file_p->f_op && file_p->f_op->release)
02606 {
02607 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02608 }
02609 err = -RSBAC_EWRITEFAILED;
02610 goto out_dput;
02611 }
02612
02613
02614
02615
02616
02617 if (get_write_access(file_dentry_p->d_inode))
02618 {
02619 rsbac_printk(KERN_WARNING
02620 "rsbac_write_open(): could not get write access!\n");
02621 if (file_p->f_op->release)
02622 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02623 err = -RSBAC_EWRITEFAILED;
02624 goto out_dput;
02625 }
02626
02627 if(rsbac_clear_file(file_dentry_p))
02628 {
02629 if (file_p->f_op->release)
02630 file_p->f_op->release(file_dentry_p->d_inode, file_p);
02631 put_write_access(file_dentry_p->d_inode);
02632 rsbac_printk(KERN_WARNING
02633 "rsbac_write_open(): could not truncate!\n");
02634 err = -RSBAC_EWRITEFAILED;
02635 goto out_dput;
02636 }
02637
02638 file_p->f_flags |= O_SYNC;
02639
02640 out:
02641 return err;
02642
02643 out_dput:
02644 dput(file_dentry_p);
02645 goto out;
02646 }
02647
02648
02649 #if defined(CONFIG_RSBAC_REG)
02650 EXPORT_SYMBOL(rsbac_read_close);
02651 #endif
02652 void rsbac_read_close(struct file * file_p)
02653 {
02654
02655 struct dentry * dentry = file_p->f_dentry;
02656 struct inode * inode = dentry->d_inode;
02657
02658 if (file_p->f_op && file_p->f_op->release)
02659 file_p->f_op->release(inode, file_p);
02660 file_p->f_dentry = NULL;
02661 if (file_p->f_mode & FMODE_WRITE)
02662 put_write_access(inode);
02663 dput(dentry);
02664 }
02665
02666 #if defined(CONFIG_RSBAC_REG)
02667 EXPORT_SYMBOL(rsbac_write_close);
02668 #endif
02669 void rsbac_write_close(struct file * file_p)
02670 {
02671 rsbac_read_close(file_p);
02672 }
02673
02674 #if defined(CONFIG_RSBAC_REG)
02675 EXPORT_SYMBOL(rsbac_get_full_path);
02676 #endif
02677 int rsbac_get_full_path(struct dentry * dentry_p, char path[], int maxlen)
02678 {
02679 int len=0;
02680 char * i_path;
02681 int tmplen=0;
02682 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02683 union rsbac_target_id_t i_tid;
02684 union rsbac_attribute_value_t i_attr_val;
02685 #endif
02686
02687 if(!dentry_p || !path)
02688 return -RSBAC_EINVALIDPOINTER;
02689 if(maxlen <= 0)
02690 return -RSBAC_EINVALIDVALUE;
02691 i_path = rsbac_kmalloc(maxlen + RSBAC_MAXNAMELEN);
02692 if(!i_path)
02693 return -RSBAC_ENOMEM;
02694
02695 path[0] = 0;
02696
02697 while(dentry_p && (len<maxlen) && dentry_p->d_name.len && dentry_p->d_name.name)
02698 {
02699 #ifdef CONFIG_RSBAC_LOG_PSEUDO_FS
02700 if( dentry_p->d_inode
02701 && dentry_p->d_parent
02702 && dentry_p->d_parent->d_inode
02703 && (i_tid.user = dentry_p->d_inode->i_uid)
02704 && (dentry_p->d_inode->i_uid != dentry_p->d_parent->d_inode->i_uid)
02705 && !rsbac_get_attr(GEN,T_USER,i_tid,A_pseudo,&i_attr_val,FALSE)
02706 && i_attr_val.pseudo
02707 )
02708 {
02709 if((maxlen-len) < 12)
02710 {
02711 rsbac_kfree(i_path);
02712 return(len);
02713 }
02714 tmplen = snprintf(i_path, 11, "%u", i_attr_val.pseudo);
02715 }
02716 else
02717 #endif
02718 {
02719 tmplen = dentry_p->d_name.len;
02720 if((tmplen+1) > (maxlen-len))
02721 {
02722 rsbac_kfree(i_path);
02723 return(len);
02724 }
02725 strncpy(i_path, dentry_p->d_name.name, tmplen);
02726 }
02727
02728
02729 if((i_path[tmplen-1] != '/') && (tmplen != 1)) {
02730 if(len && (i_path[tmplen-1] != '/')) {
02731 i_path[tmplen] = '/';
02732 tmplen++;
02733 }
02734 i_path[tmplen]=0;
02735
02736 strcat(i_path, path);
02737 strcpy(path, i_path);
02738 len += tmplen;
02739 }
02740 if( dentry_p->d_parent
02741 && (dentry_p->d_parent != dentry_p)
02742 && (dentry_p->d_sb->s_root != dentry_p)
02743 )
02744 dentry_p = dentry_p->d_parent;
02745 else
02746 {
02747 struct rsbac_device_list_item_t * device_p;
02748
02749 device_p = lookup_device(dentry_p->d_sb->s_dev);
02750 if( device_p
02751 && device_p->d_covers
02752 )
02753 dentry_p = device_p->d_covers;
02754 else
02755 break;
02756 }
02757 }
02758
02759 i_path[tmplen]=0;
02760 strcat(i_path, path);
02761 strcpy(path, i_path);
02762
02763 rsbac_kfree(i_path);
02764 return(len);
02765 }
02766
02767 #if defined(CONFIG_RSBAC_REG)
02768 EXPORT_SYMBOL(rsbac_get_full_path_length);
02769 #endif
02770 int rsbac_get_full_path_length(struct dentry * dentry_p)
02771 {
02772 int len=0;
02773 int tmplen=0;
02774
02775 if(!dentry_p)
02776 return -RSBAC_EINVALIDPOINTER;
02777
02778 while(dentry_p && dentry_p->d_name.len && dentry_p->d_name.name)
02779 {
02780 tmplen = dentry_p->d_name.len;
02781 if(len && (dentry_p->d_name.name[tmplen-1] != '/'))
02782 {
02783 tmplen++;
02784 }
02785 len += tmplen;
02786 if( dentry_p->d_parent
02787 && (dentry_p->d_parent != dentry_p)
02788 && (dentry_p->d_sb->s_root != dentry_p)
02789 )
02790 dentry_p = dentry_p->d_parent;
02791 else
02792 {
02793 struct rsbac_device_list_item_t * device_p;
02794
02795 device_p = lookup_device(dentry_p->d_sb->s_dev);
02796 if( device_p
02797 && device_p->d_covers
02798 )
02799 dentry_p = device_p->d_covers;
02800 else
02801 break;
02802 }
02803 }
02804 return(len);
02805 }
02806
02807
02808
02809
02810
02811 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
02812 static int
02813 devices_proc_info(char *buffer, char **start, off_t offset, int length)
02814 {
02815 int len = 0;
02816 off_t pos = 0;
02817 off_t begin = 0;
02818 struct rsbac_device_list_item_t * device_p;
02819 u_long dflags;
02820
02821 if (!rsbac_initialized) return (-ENOSYS);
02822
02823 len += sprintf(buffer, "%u RSBAC Devices\n---------------\n",
02824 device_list_head.count);
02825
02826
02827 rsbac_read_lock(&device_list_head.lock, &dflags);
02828
02829 for (device_p = device_list_head.head; device_p; device_p = device_p->next)
02830 {
02831 if(device_p->sb_p && device_p->sb_p->s_type && device_p->sb_p->s_type->name)
02832 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p, fs_type = %s\n",
02833 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
02834 device_p->mount_count,
02835 device_p->d_covers,
02836 device_p->sb_p->s_type->name);
02837 else
02838 len += sprintf(buffer + len, "%02u:%02u with mount_count = %u, d_covers = %p\n",
02839 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id),
02840 device_p->mount_count,
02841 device_p->d_covers);
02842 pos = begin + len;
02843 if (pos < offset)
02844 {
02845 len = 0;
02846 begin = pos;
02847 }
02848 if (pos > offset+length) break;
02849 }
02850
02851
02852 rsbac_read_unlock(&device_list_head.lock, &dflags);
02853
02854 *start = buffer + (offset - begin);
02855 len -= (offset - begin);
02856
02857 if (len > length)
02858 len = length;
02859 return len;
02860 }
02861
02862 static int
02863 stats_proc_info(char *buffer, char **start, off_t offset, int length)
02864 {
02865 u_int len = 0;
02866 off_t pos = 0;
02867 off_t begin = 0;
02868 struct rsbac_device_list_item_t * device_p;
02869 int i;
02870 u_long fd_count, fd_dev_count, fd_sum = 0;
02871 u_long sum = 0;
02872 u_long total_sum = 0;
02873 long tmp_count;
02874 u_long dflags;
02875
02876 union rsbac_target_id_t rsbac_target_id;
02877 union rsbac_attribute_value_t rsbac_attribute_value;
02878
02879 if (!rsbac_initialized) return (-ENOSYS);
02880
02881 #ifdef CONFIG_RSBAC_DEBUG
02882 if (rsbac_debug_aef)
02883 {
02884 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
02885 }
02886 #endif
02887 rsbac_target_id.scd = ST_rsbac;
02888 rsbac_attribute_value.dummy = 0;
02889 if (!rsbac_adf_request(R_GET_STATUS_DATA,
02890 current->pid,
02891 T_SCD,
02892 rsbac_target_id,
02893 A_none,
02894 rsbac_attribute_value))
02895 {
02896 return -EPERM;
02897 }
02898
02899 #ifdef CONFIG_RSBAC_MAINT
02900 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s (Maintenance Mode)\nSupported Modules:%s\n",
02901 RSBAC_VERSION, compiled_modules);
02902 #else
02903 len = sprintf(buffer, "RSBAC Status\n------------\nRSBAC Version: %s\nCompiled Modules:%s\n",
02904 RSBAC_VERSION, compiled_modules);
02905 #endif
02906 pos = begin + len;
02907 if (pos < offset)
02908 {
02909 len = 0;
02910 begin = pos;
02911 }
02912 if (pos > offset+length)
02913 goto out;
02914
02915 #ifdef CONFIG_RSBAC_SWITCH
02916 {
02917 char * active_modules;
02918
02919 active_modules = rsbac_kmalloc(RSBAC_MAXNAMELEN);
02920 if(active_modules)
02921 {
02922 active_modules[0] = (char) 0;
02923 #ifdef CONFIG_RSBAC_REG
02924 strcat(active_modules, " REG");
02925 #endif
02926 #ifdef CONFIG_RSBAC_MAC
02927 #ifdef CONFIG_RSBAC_SWITCH_MAC
02928 if(rsbac_switch_mac)
02929 #endif
02930 #ifdef CONFIG_RSBAC_MAC_LIGHT
02931 strcat(active_modules, " MAC-L");
02932 #else
02933 strcat(active_modules, " MAC");
02934 #endif
02935 #endif
02936 #ifdef CONFIG_RSBAC_PM
02937 #ifdef CONFIG_RSBAC_SWITCH_PM
02938 if(rsbac_switch_pm)
02939 #endif
02940 strcat(active_modules, " PM");
02941 #endif
02942 #ifdef CONFIG_RSBAC_DAZ
02943 #ifdef CONFIG_RSBAC_SWITCH_DAZ
02944 if(rsbac_switch_daz)
02945 #endif
02946 strcat(active_modules, " DAZ");
02947 #endif
02948 #ifdef CONFIG_RSBAC_FF
02949 #ifdef CONFIG_RSBAC_SWITCH_FF
02950 if(rsbac_switch_ff)
02951 #endif
02952 strcat(active_modules, " FF");
02953 #endif
02954 #ifdef CONFIG_RSBAC_RC
02955 #ifdef CONFIG_RSBAC_SWITCH_RC
02956 if(rsbac_switch_rc)
02957 #endif
02958 strcat(active_modules, " RC");
02959 #endif
02960 #ifdef CONFIG_RSBAC_AUTH
02961 #ifdef CONFIG_RSBAC_SWITCH_AUTH
02962 if(rsbac_switch_auth)
02963 #endif
02964 strcat(active_modules, " AUTH");
02965 #endif
02966 #ifdef CONFIG_RSBAC_ACL
02967 #ifdef CONFIG_RSBAC_SWITCH_ACL
02968 if(rsbac_switch_acl)
02969 #endif
02970 strcat(active_modules, " ACL");
02971 #endif
02972 #ifdef CONFIG_RSBAC_CAP
02973 #ifdef CONFIG_RSBAC_SWITCH_CAP
02974 if(rsbac_switch_cap)
02975 #endif
02976 strcat(active_modules, " CAP");
02977 #endif
02978 #ifdef CONFIG_RSBAC_JAIL
02979 #ifdef CONFIG_RSBAC_SWITCH_JAIL
02980 if(rsbac_switch_jail)
02981 #endif
02982 strcat(active_modules, " JAIL");
02983 #endif
02984 #ifdef CONFIG_RSBAC_RES
02985 #ifdef CONFIG_RSBAC_SWITCH_RES
02986 if(rsbac_switch_res)
02987 #endif
02988 strcat(active_modules, " RES");
02989 #endif
02990 #ifdef CONFIG_RSBAC_PAX
02991 #ifdef CONFIG_RSBAC_SWITCH_PAX
02992 if(rsbac_switch_pax)
02993 #endif
02994 strcat(active_modules, " PAX");
02995 #endif
02996 len += sprintf(buffer+len, "Active Modules: %s\n",
02997 active_modules);
02998 rsbac_kfree(active_modules);
02999 pos = begin + len;
03000 if (pos < offset)
03001 {
03002 len = 0;
03003 begin = pos;
03004 }
03005 if (pos > offset+length)
03006 goto out;
03007 }
03008 }
03009 #else
03010 len += sprintf(buffer+len, "All modules active (no switching)\n");
03011 pos = begin + len;
03012 if (pos < offset)
03013 {
03014 len = 0;
03015 begin = pos;
03016 }
03017 if (pos > offset+length)
03018 goto out;
03019 #endif
03020
03021 #ifdef CONFIG_RSBAC_SOFTMODE
03022 if(rsbac_softmode)
03023 {
03024 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03025 len += sprintf(buffer+len, "Global softmode is enabled\n");
03026 #else
03027 len += sprintf(buffer+len, "Softmode is enabled\n");
03028 #endif
03029 pos = begin + len;
03030 if (pos < offset)
03031 {
03032 len = 0;
03033 begin = pos;
03034 }
03035 if (pos > offset+length)
03036 goto out;
03037 }
03038 else
03039 {
03040 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03041 len += sprintf(buffer+len, "Global softmode is disabled\n");
03042 #else
03043 len += sprintf(buffer+len, "Softmode is disabled\n");
03044 #endif
03045 pos = begin + len;
03046 if (pos < offset)
03047 {
03048 len = 0;
03049 begin = pos;
03050 }
03051 if (pos > offset+length)
03052 goto out;
03053 }
03054 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03055 {
03056 char * tmp;
03057
03058 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
03059 if(tmp)
03060 {
03061 len += sprintf(buffer+len, "Individual softmode enabled for:");
03062 for(i=0; i<=RSBAC_MAX_MOD; i++)
03063 if(rsbac_ind_softmode[i])
03064 len += sprintf(buffer+len, " %s", get_switch_target_name(tmp, i));
03065 rsbac_kfree(tmp);
03066 len += sprintf(buffer+len, "\n");
03067 pos = begin + len;
03068 if (pos < offset)
03069 {
03070 len = 0;
03071 begin = pos;
03072 }
03073 if (pos > offset+length)
03074 goto out;
03075 }
03076 }
03077 #endif
03078 #endif
03079
03080 len += sprintf(buffer+len, "\n");
03081
03082
03083 rsbac_read_lock(&device_list_head.lock, &dflags);
03084
03085 device_p = device_list_head.head;
03086 if(device_p)
03087 len += sprintf(buffer + len, "FD items:\n");
03088 while (device_p)
03089 {
03090 fd_dev_count = 0;
03091
03092 fd_count = 0;
03093 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
03094 {
03095 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
03096 if(tmp_count > 0)
03097 fd_count+=tmp_count;
03098 }
03099 len += sprintf(buffer + len, "Dev %02u:%02u: %lu GEN",
03100 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
03101 fd_dev_count += fd_count;
03102
03103 #if defined(CONFIG_RSBAC_MAC)
03104 fd_count = 0;
03105 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
03106 {
03107 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
03108 if(tmp_count > 0)
03109 fd_count+=tmp_count;
03110 }
03111 len += sprintf(buffer + len, ", %lu MAC",
03112 fd_count);
03113 fd_dev_count += fd_count;
03114 #endif
03115
03116 #if defined(CONFIG_RSBAC_PM)
03117 fd_count = 0;
03118 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
03119 {
03120 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
03121 if(tmp_count > 0)
03122 fd_count+=tmp_count;
03123 }
03124 len += sprintf(buffer + len, ", %lu PM",
03125 fd_count);
03126 fd_dev_count += fd_count;
03127 #endif
03128
03129 #if defined(CONFIG_RSBAC_DAZ)
03130 fd_count = 0;
03131 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
03132 {
03133 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
03134 if(tmp_count > 0)
03135 fd_count+=tmp_count;
03136 }
03137 len += sprintf(buffer + len, ", %lu DAZ",
03138 fd_count);
03139 fd_dev_count += fd_count;
03140 #if defined(CONFIG_RSBAC_DAZ_CACHE)
03141 fd_count = 0;
03142 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
03143 {
03144 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
03145 if(tmp_count > 0)
03146 fd_count+=tmp_count;
03147 }
03148 len += sprintf(buffer + len, ", %lu DAZ_SCANNED",
03149 fd_count);
03150 fd_dev_count += fd_count;
03151 #endif
03152 #endif
03153
03154 #if defined(CONFIG_RSBAC_FF)
03155 fd_count = 0;
03156 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
03157 {
03158 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
03159 if(tmp_count > 0)
03160 fd_count+=tmp_count;
03161 }
03162 len += sprintf(buffer + len, ", %lu FF",
03163 fd_count);
03164 fd_dev_count += fd_count;
03165 #endif
03166
03167 #if defined(CONFIG_RSBAC_RC)
03168 fd_count = 0;
03169 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
03170 {
03171 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
03172 if(tmp_count > 0)
03173 fd_count+=tmp_count;
03174 }
03175 len += sprintf(buffer + len, ", %lu RC",
03176 fd_count);
03177 fd_dev_count += fd_count;
03178 #endif
03179
03180 #if defined(CONFIG_RSBAC_AUTH)
03181 fd_count = 0;
03182 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
03183 {
03184 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
03185 if(tmp_count > 0)
03186 fd_count+=tmp_count;
03187 }
03188 len += sprintf(buffer + len, ", %lu AUTH",
03189 fd_count);
03190 fd_dev_count += fd_count;
03191 #endif
03192
03193 #if defined(CONFIG_RSBAC_CAP)
03194 fd_count = 0;
03195 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
03196 {
03197 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
03198 if(tmp_count > 0)
03199 fd_count+=tmp_count;
03200 }
03201 len += sprintf(buffer + len, ", %lu CAP",
03202 fd_count);
03203 fd_dev_count += fd_count;
03204 #endif
03205
03206 #if defined(CONFIG_RSBAC_RES)
03207 fd_count = 0;
03208 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
03209 {
03210 tmp_count = rsbac_list_count(device_p->handles.res[i]);
03211 if(tmp_count > 0)
03212 fd_count+=tmp_count;
03213 }
03214 len += sprintf(buffer + len, ", %lu RES",
03215 fd_count);
03216 fd_dev_count += fd_count;
03217 #endif
03218
03219 #if defined(CONFIG_RSBAC_PAX)
03220 fd_count = 0;
03221 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
03222 {
03223 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
03224 if(tmp_count > 0)
03225 fd_count+=tmp_count;
03226 }
03227 len += sprintf(buffer + len, ", %lu PAX",
03228 fd_count);
03229 fd_dev_count += fd_count;
03230 #endif
03231
03232 len += sprintf(buffer + len, ", %lu total\n",
03233 fd_dev_count);
03234 pos = begin + len;
03235 if (pos < offset)
03236 {
03237 len = 0;
03238 begin = pos;
03239 }
03240 if (pos > offset+length)
03241 {
03242
03243 rsbac_read_unlock(&device_list_head.lock, &dflags);
03244 goto out;
03245 }
03246 fd_sum += fd_dev_count;
03247 device_p = device_p->next;
03248 }
03249 len += sprintf(buffer + len, "Sum of %u Devices with %lu fd-items\n\n",
03250 device_list_head.count, fd_sum);
03251 total_sum += fd_sum;
03252
03253 rsbac_read_unlock(&device_list_head.lock, &dflags);
03254 pos = begin + len;
03255 if (pos < offset)
03256 {
03257 len = 0;
03258 begin = pos;
03259 }
03260 if (pos > offset+length)
03261 goto out;
03262
03263
03264 sum = 0;
03265 tmp_count = rsbac_list_count(dev_handles.gen);
03266 len += sprintf(buffer + len, "DEV: %lu GEN",
03267 tmp_count);
03268 sum += tmp_count;
03269 #if defined(CONFIG_RSBAC_MAC)
03270 tmp_count = rsbac_list_count(dev_handles.mac);
03271 len += sprintf(buffer + len, ", %lu MAC",
03272 tmp_count);
03273 sum += tmp_count;
03274 #endif
03275 #if defined(CONFIG_RSBAC_PM)
03276 tmp_count = rsbac_list_count(dev_handles.pm);
03277 len += sprintf(buffer + len, ", %lu PM",
03278 tmp_count);
03279 sum += tmp_count;
03280 #endif
03281 #if defined(CONFIG_RSBAC_RC)
03282 tmp_count = rsbac_list_count(dev_major_handles.rc);
03283 len += sprintf(buffer + len, ", %lu major RC",
03284 tmp_count);
03285 sum += tmp_count;
03286 tmp_count = rsbac_list_count(dev_handles.rc);
03287 len += sprintf(buffer + len, ", %lu RC",
03288 tmp_count);
03289 sum += tmp_count;
03290 #endif
03291 len += sprintf(buffer + len, ", %lu total\n",
03292 sum);
03293 total_sum += sum;
03294 pos = begin + len;
03295 if (pos < offset)
03296 {
03297 len = 0;
03298 begin = pos;
03299 }
03300 if (pos > offset+length)
03301 goto out;
03302
03303
03304 sum = 0;
03305 len += sprintf(buffer + len, "IPC: 0 GEN");
03306 #if defined(CONFIG_RSBAC_MAC)
03307 tmp_count = rsbac_list_count(ipc_handles.mac);
03308 len += sprintf(buffer + len, ", %lu MAC",
03309 tmp_count);
03310 sum += tmp_count;
03311 #endif
03312 #if defined(CONFIG_RSBAC_PM)
03313 tmp_count = rsbac_list_count(ipc_handles.pm);
03314 len += sprintf(buffer + len, ", %lu PM",
03315 tmp_count);
03316 sum += tmp_count;
03317 #endif
03318 #if defined(CONFIG_RSBAC_RC)
03319 tmp_count = rsbac_list_count(ipc_handles.rc);
03320 len += sprintf(buffer + len, ", %lu RC",
03321 tmp_count);
03322 sum += tmp_count;
03323 #endif
03324 #if defined(CONFIG_RSBAC_JAIL)
03325 tmp_count = rsbac_list_count(ipc_handles.jail);
03326 len += sprintf(buffer + len, ", %lu JAIL",
03327 tmp_count);
03328 sum += tmp_count;
03329 #endif
03330 len += sprintf(buffer + len, ", %lu total\n",
03331 sum);
03332 total_sum += sum;
03333 pos = begin + len;
03334 if (pos < offset)
03335 {
03336 len = 0;
03337 begin = pos;
03338 }
03339 if (pos > offset+length)
03340 goto out;
03341
03342
03343 sum = 0;
03344 tmp_count = rsbac_list_count(user_handles.gen);
03345 len += sprintf(buffer + len, "USER: %lu GEN",
03346 tmp_count);
03347 sum += tmp_count;
03348 #if defined(CONFIG_RSBAC_MAC)
03349 tmp_count = rsbac_list_count(user_handles.mac);
03350 len += sprintf(buffer + len, ", %lu MAC",
03351 tmp_count);
03352 sum += tmp_count;
03353 #endif
03354 #if defined(CONFIG_RSBAC_PM)
03355 tmp_count = rsbac_list_count(user_handles.pm);
03356 len += sprintf(buffer + len, ", %lu PM",
03357 tmp_count);
03358 sum += tmp_count;
03359 #endif
03360 #if defined(CONFIG_RSBAC_DAZ)
03361 tmp_count = rsbac_list_count(user_handles.daz);
03362 len += sprintf(buffer + len, ", %lu DAZ",
03363 tmp_count);
03364 sum += tmp_count;
03365 #endif
03366 #if defined(CONFIG_RSBAC_FF)
03367 tmp_count = rsbac_list_count(user_handles.ff);
03368 len += sprintf(buffer + len, ", %lu FF",
03369 tmp_count);
03370 sum += tmp_count;
03371 #endif
03372 #if defined(CONFIG_RSBAC_RC)
03373 tmp_count = rsbac_list_count(user_handles.rc);
03374 len += sprintf(buffer + len, ", %lu RC",
03375 tmp_count);
03376 sum += tmp_count;
03377 #endif
03378 #if defined(CONFIG_RSBAC_AUTH)
03379 tmp_count = rsbac_list_count(user_handles.auth);
03380 len += sprintf(buffer + len, ", %lu AUTH",
03381 tmp_count);
03382 sum += tmp_count;
03383 #endif
03384 #if defined(CONFIG_RSBAC_CAP)
03385 tmp_count = rsbac_list_count(user_handles.cap);
03386 len += sprintf(buffer + len, ", %lu CAP",
03387 tmp_count);
03388 sum += tmp_count;
03389 #endif
03390 #if defined(CONFIG_RSBAC_JAIL)
03391 tmp_count = rsbac_list_count(user_handles.jail);
03392 len += sprintf(buffer + len, ", %lu JAIL",
03393 tmp_count);
03394 sum += tmp_count;
03395 #endif
03396 #if defined(CONFIG_RSBAC_RES)
03397 tmp_count = rsbac_list_count(user_handles.res);
03398 len += sprintf(buffer + len, ", %lu RES",
03399 tmp_count);
03400 sum += tmp_count;
03401 #endif
03402 #if defined(CONFIG_RSBAC_PAX)
03403 tmp_count = rsbac_list_count(user_handles.pax);
03404 len += sprintf(buffer + len, ", %lu PAX",
03405 tmp_count);
03406 sum += tmp_count;
03407 #endif
03408 len += sprintf(buffer + len, ", %lu total\n",
03409 sum);
03410 total_sum += sum;
03411 pos = begin + len;
03412 if (pos < offset)
03413 {
03414 len = 0;
03415 begin = pos;
03416 }
03417 if (pos > offset+length)
03418 goto out;
03419
03420
03421 sum = 0;
03422 tmp_count = 0;
03423 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
03424 tmp_count += rsbac_list_count(process_handles.gen[i]);
03425 len += sprintf(buffer + len, "PROCESS: %lu GEN",
03426 tmp_count);
03427 sum += tmp_count;
03428 #if defined(CONFIG_RSBAC_MAC)
03429 tmp_count = 0;
03430 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
03431 tmp_count += rsbac_list_count(process_handles.mac[i]);
03432 len += sprintf(buffer + len, ", %lu MAC",
03433 tmp_count);
03434 sum += tmp_count;
03435 #endif
03436 #if defined(CONFIG_RSBAC_PM)
03437 tmp_count = rsbac_list_count(process_handles.pm);
03438 len += sprintf(buffer + len, ", %lu PM",
03439 tmp_count);
03440 sum += tmp_count;
03441 #endif
03442 #if defined(CONFIG_RSBAC_DAZ)
03443 tmp_count = rsbac_list_count(process_handles.daz);
03444 len += sprintf(buffer + len, ", %lu DAZ",
03445 tmp_count);
03446 sum += tmp_count;
03447 #endif
03448 #if defined(CONFIG_RSBAC_RC)
03449 tmp_count = 0;
03450 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
03451 tmp_count += rsbac_list_count(process_handles.rc[i]);
03452 len += sprintf(buffer + len, ", %lu RC",
03453 tmp_count);
03454 sum += tmp_count;
03455 #endif
03456 #if defined(CONFIG_RSBAC_AUTH)
03457 tmp_count = rsbac_list_count(process_handles.auth);
03458 len += sprintf(buffer + len, ", %lu AUTH",
03459 tmp_count);
03460 sum += tmp_count;
03461 #endif
03462 #if defined(CONFIG_RSBAC_CAP)
03463 tmp_count = rsbac_list_count(process_handles.cap);
03464 len += sprintf(buffer + len, ", %lu CAP",
03465 tmp_count);
03466 sum += tmp_count;
03467 #endif
03468 #if defined(CONFIG_RSBAC_JAIL)
03469 tmp_count = 0;
03470 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
03471 tmp_count += rsbac_list_count(process_handles.jail[i]);
03472 len += sprintf(buffer + len, ", %lu JAIL",
03473 tmp_count);
03474 sum += tmp_count;
03475 #endif
03476 len += sprintf(buffer + len, ", %lu total\n",
03477 sum);
03478 total_sum += sum;
03479 pos = begin + len;
03480 if (pos < offset)
03481 {
03482 len = 0;
03483 begin = pos;
03484 }
03485 if (pos > offset+length)
03486 goto out;
03487
03488 #if defined(CONFIG_RSBAC_UM)
03489
03490 sum = 0;
03491 len += sprintf(buffer + len, "GROUP:");
03492 #if defined(CONFIG_RSBAC_RC_UM_PROT)
03493 tmp_count = rsbac_list_count(group_handles.rc);
03494 len += sprintf(buffer + len, " %lu RC,",
03495 tmp_count);
03496 sum += tmp_count;
03497 #endif
03498 len += sprintf(buffer + len, " %lu total\n",
03499 sum);
03500 total_sum += sum;
03501 pos = begin + len;
03502 if (pos < offset)
03503 {
03504 len = 0;
03505 begin = pos;
03506 }
03507 if (pos > offset+length)
03508 goto out;
03509 #endif
03510
03511 #if defined(CONFIG_RSBAC_NET_DEV)
03512
03513 sum = 0;
03514 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
03515 tmp_count = rsbac_list_count(netdev_handles.gen);
03516 len += sprintf(buffer + len, "NETDEV: %lu GEN, ",
03517 tmp_count);
03518 sum += tmp_count;
03519 #else
03520 len += sprintf(buffer + len, "NETDEV: ");
03521 #endif
03522 #if defined(CONFIG_RSBAC_RC)
03523 tmp_count = rsbac_list_count(netdev_handles.rc);
03524 len += sprintf(buffer + len, "%lu RC, ",
03525 tmp_count);
03526 sum += tmp_count;
03527 #endif
03528 len += sprintf(buffer + len, "%lu total\n",
03529 sum);
03530 total_sum += sum;
03531 pos = begin + len;
03532 if (pos < offset)
03533 {
03534 len = 0;
03535 begin = pos;
03536 }
03537 if (pos > offset+length)
03538 goto out;
03539
03540 #endif
03541
03542 #if defined(CONFIG_RSBAC_NET_OBJ)
03543
03544 tmp_count = rsbac_list_count(net_temp_handle);
03545 len += sprintf(buffer + len, "%lu Network Templates\n",
03546 tmp_count);
03547
03548
03549 sum = 0;
03550 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
03551 tmp_count = rsbac_list_count(nettemp_handles.gen);
03552 len += sprintf(buffer + len, "NETTEMP: %lu GEN, ",
03553 tmp_count);
03554 sum += tmp_count;
03555 #else
03556 len += sprintf(buffer + len, "NETTEMP: ");
03557 #endif
03558 #if defined(CONFIG_RSBAC_MAC)
03559 tmp_count = rsbac_list_count(nettemp_handles.mac);
03560 len += sprintf(buffer + len, "%lu MAC, ",
03561 tmp_count);
03562 sum += tmp_count;
03563 #endif
03564 #if defined(CONFIG_RSBAC_PM)
03565 tmp_count = rsbac_list_count(nettemp_handles.pm);
03566 len += sprintf(buffer + len, "%lu PM, ",
03567 tmp_count);
03568 sum += tmp_count;
03569 #endif
03570 #if defined(CONFIG_RSBAC_RC)
03571 tmp_count = rsbac_list_count(nettemp_handles.rc);
03572 len += sprintf(buffer + len, "%lu RC, ",
03573 tmp_count);
03574 sum += tmp_count;
03575 #endif
03576 len += sprintf(buffer + len, "%lu total\n",
03577 sum);
03578 total_sum += sum;
03579 pos = begin + len;
03580 if (pos < offset)
03581 {
03582 len = 0;
03583 begin = pos;
03584 }
03585 if (pos > offset+length)
03586 goto out;
03587
03588
03589 sum = 0;
03590 len += sprintf(buffer + len, "LNETOBJ: ");
03591 #if defined(CONFIG_RSBAC_MAC)
03592 tmp_count = rsbac_list_count(lnetobj_handles.mac);
03593 len += sprintf(buffer + len, "%lu MAC, ",
03594 tmp_count);
03595 sum += tmp_count;
03596 #endif
03597 #if defined(CONFIG_RSBAC_PM)
03598 tmp_count = rsbac_list_count(lnetobj_handles.pm);
03599 len += sprintf(buffer + len, "%lu PM, ",
03600 tmp_count);
03601 sum += tmp_count;
03602 #endif
03603 #if defined(CONFIG_RSBAC_RC)
03604 tmp_count = rsbac_list_count(lnetobj_handles.rc);
03605 len += sprintf(buffer + len, "%lu RC, ",
03606 tmp_count);
03607 sum += tmp_count;
03608 #endif
03609 len += sprintf(buffer + len, "%lu total\n",
03610 sum);
03611 total_sum += sum;
03612 pos = begin + len;
03613 if (pos < offset)
03614 {
03615 len = 0;
03616 begin = pos;
03617 }
03618 if (pos > offset+length)
03619 goto out;
03620
03621
03622 sum = 0;
03623 len += sprintf(buffer + len, "RNETOBJ: ");
03624 #if defined(CONFIG_RSBAC_MAC)
03625 tmp_count = rsbac_list_count(rnetobj_handles.mac);
03626 len += sprintf(buffer + len, "%lu MAC, ",
03627 tmp_count);
03628 sum += tmp_count;
03629 #endif
03630 #if defined(CONFIG_RSBAC_PM)
03631 tmp_count = rsbac_list_count(rnetobj_handles.pm);
03632 len += sprintf(buffer + len, "%lu PM, ",
03633 tmp_count);
03634 sum += tmp_count;
03635 #endif
03636 #if defined(CONFIG_RSBAC_RC)
03637 tmp_count = rsbac_list_count(rnetobj_handles.rc);
03638 len += sprintf(buffer + len, "%lu RC, ",
03639 tmp_count);
03640 sum += tmp_count;
03641 #endif
03642 len += sprintf(buffer + len, "%lu total\n",
03643 sum);
03644 total_sum += sum;
03645 pos = begin + len;
03646 if (pos < offset)
03647 {
03648 len = 0;
03649 begin = pos;
03650 }
03651 if (pos > offset+length)
03652 goto out;
03653
03654 #endif
03655
03656 len += sprintf(buffer + len,
03657 "Total sum of %lu registered rsbac-items\n",
03658 total_sum);
03659 pos = begin + len;
03660 if (pos < offset)
03661 {
03662 len = 0;
03663 begin = pos;
03664 }
03665 if (pos > offset+length)
03666 goto out;
03667
03668 len += sprintf(buffer + len,
03669 "\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
03670 rsbac_adf_request_count[T_FILE],
03671 rsbac_adf_request_count[T_DIR],
03672 rsbac_adf_request_count[T_FIFO],
03673 rsbac_adf_request_count[T_SYMLINK],
03674 rsbac_adf_request_count[T_DEV],
03675 rsbac_adf_request_count[T_IPC],
03676 rsbac_adf_request_count[T_SCD],
03677 rsbac_adf_request_count[T_USER],
03678 rsbac_adf_request_count[T_PROCESS],
03679 rsbac_adf_request_count[T_NETDEV],
03680 rsbac_adf_request_count[T_NETTEMP],
03681 rsbac_adf_request_count[T_NETOBJ]);
03682 pos = begin + len;
03683 if (pos < offset)
03684 {
03685 len = 0;
03686 begin = pos;
03687 }
03688 if (pos > offset+length)
03689 goto out;
03690
03691 len += sprintf(buffer + len,
03692 "adf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
03693 rsbac_adf_set_attr_count[T_FILE],
03694 rsbac_adf_set_attr_count[T_DIR],
03695 rsbac_adf_set_attr_count[T_FIFO],
03696 rsbac_adf_set_attr_count[T_SYMLINK],
03697 rsbac_adf_set_attr_count[T_DEV],
03698 rsbac_adf_set_attr_count[T_IPC],
03699 rsbac_adf_set_attr_count[T_SCD],
03700 rsbac_adf_set_attr_count[T_USER],
03701 rsbac_adf_set_attr_count[T_PROCESS],
03702 rsbac_adf_set_attr_count[T_NETDEV],
03703 rsbac_adf_set_attr_count[T_NETTEMP],
03704 rsbac_adf_set_attr_count[T_NETOBJ]);
03705 pos = begin + len;
03706 if (pos < offset)
03707 {
03708 len = 0;
03709 begin = pos;
03710 }
03711
03712 out:
03713 *start = buffer + (offset - begin);
03714 len -= (offset - begin);
03715
03716 if (len > length)
03717 len = length;
03718 return len;
03719 }
03720
03721 static int
03722 active_proc_info(char *buffer, char **start, off_t offset, int length)
03723 {
03724 u_int len = 0;
03725 off_t pos = 0;
03726 off_t begin = 0;
03727
03728 union rsbac_target_id_t rsbac_target_id;
03729 union rsbac_attribute_value_t rsbac_attribute_value;
03730
03731 if (!rsbac_initialized) return (-ENOSYS);
03732
03733 #ifdef CONFIG_RSBAC_DEBUG
03734 if (rsbac_debug_aef)
03735 {
03736 rsbac_printk(KERN_DEBUG "stats_proc_info(): calling ADF\n");
03737 }
03738 #endif
03739 rsbac_target_id.scd = ST_rsbac;
03740 rsbac_attribute_value.dummy = 0;
03741 if (!rsbac_adf_request(R_GET_STATUS_DATA,
03742 current->pid,
03743 T_SCD,
03744 rsbac_target_id,
03745 A_none,
03746 rsbac_attribute_value))
03747 {
03748 return -EPERM;
03749 }
03750
03751 len = sprintf(buffer, "Version: %s\n",
03752 RSBAC_VERSION);
03753 #ifdef CONFIG_RSBAC_MAINT
03754 len += sprintf(buffer+len, "Mode: Maintenance\n");
03755 len += sprintf(buffer+len, "Softmode: unavailable\n");
03756 #else
03757 #ifdef CONFIG_RSBAC_SOFTMODE
03758 if(rsbac_softmode)
03759 len += sprintf(buffer+len, "Mode: SOFTMODE\n");
03760 else
03761 #endif
03762 len += sprintf(buffer+len, "Mode: Secure\n");
03763 #ifdef CONFIG_RSBAC_SOFTMODE
03764 len += sprintf(buffer+len, "Softmode: available\n");
03765 #else
03766 len += sprintf(buffer+len, "Softmode: unavailable\n");
03767 #endif
03768 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03769 len += sprintf(buffer+len, "Ind-Soft: available\n");
03770 #else
03771 len += sprintf(buffer+len, "Ind-Soft: unavailable\n");
03772 #endif
03773 #ifdef CONFIG_RSBAC_SWITCH
03774 len += sprintf(buffer+len, "Switching: available for");
03775 #ifdef CONFIG_RSBAC_SWITCH_MAC
03776 #ifndef CONFIG_RSBAC_SWITCH_ON
03777 if(rsbac_switch_mac)
03778 #endif
03779 len += sprintf(buffer+len, " MAC");
03780 #endif
03781 #ifdef CONFIG_RSBAC_SWITCH_PM
03782 #ifndef CONFIG_RSBAC_SWITCH_ON
03783 if(rsbac_switch_pm)
03784 #endif
03785 len += sprintf(buffer+len, " PM");
03786 #endif
03787 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03788 len += sprintf(buffer+len, " DAZ");
03789 #endif
03790 #ifdef CONFIG_RSBAC_SWITCH_FF
03791 len += sprintf(buffer+len, " FF");
03792 #endif
03793 #ifdef CONFIG_RSBAC_SWITCH_RC
03794 #ifndef CONFIG_RSBAC_SWITCH_ON
03795 if(rsbac_switch_rc)
03796 #endif
03797 len += sprintf(buffer+len, " RC");
03798 #endif
03799 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03800 len += sprintf(buffer+len, " AUTH");
03801 #endif
03802 #ifdef CONFIG_RSBAC_SWITCH_ACL
03803 len += sprintf(buffer+len, " ACL");
03804 #endif
03805 #ifdef CONFIG_RSBAC_SWITCH_CAP
03806 len += sprintf(buffer+len, " CAP");
03807 #endif
03808 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03809 len += sprintf(buffer+len, " JAIL");
03810 #endif
03811 #ifdef CONFIG_RSBAC_SWITCH_RES
03812 len += sprintf(buffer+len, " RES");
03813 #endif
03814 #ifdef CONFIG_RSBAC_SWITCH_PAX
03815 len += sprintf(buffer+len, " PAX");
03816 #endif
03817 len += sprintf(buffer+len, "\n");
03818 #else
03819 len += sprintf(buffer+len, "Switching: unavailable\n");
03820 #endif
03821 #endif
03822 pos = begin + len;
03823 if (pos < offset)
03824 {
03825 len = 0;
03826 begin = pos;
03827 }
03828 if (pos > offset+length)
03829 goto out;
03830
03831 #ifdef CONFIG_RSBAC_REG
03832 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03833 if(rsbac_ind_softmode[REG])
03834 len += sprintf(buffer+len, "Module: REG SOFTMODE\n");
03835 else
03836 #endif
03837 len += sprintf(buffer+len, "Module: REG on\n");
03838 #endif
03839
03840 #ifdef CONFIG_RSBAC_MAC
03841 #ifdef CONFIG_RSBAC_SWITCH_MAC
03842 if(!rsbac_switch_mac)
03843 len += sprintf(buffer+len, "Module: MAC OFF\n");
03844 else
03845 #endif
03846 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03847 if(rsbac_ind_softmode[MAC])
03848 len += sprintf(buffer+len, "Module: MAC SOFTMODE\n");
03849 else
03850 #endif
03851 len += sprintf(buffer+len, "Module: MAC on\n");
03852 #endif
03853
03854 #ifdef CONFIG_RSBAC_PM
03855 #ifdef CONFIG_RSBAC_SWITCH_PM
03856 if(!rsbac_switch_pm)
03857 len += sprintf(buffer+len, "Module: PM OFF\n");
03858 else
03859 #endif
03860 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03861 if(rsbac_ind_softmode[PM])
03862 len += sprintf(buffer+len, "Module: PM SOFTMODE\n");
03863 else
03864 #endif
03865 len += sprintf(buffer+len, "Module: PM on\n");
03866 #endif
03867
03868 #ifdef CONFIG_RSBAC_DAZ
03869 #ifdef CONFIG_RSBAC_SWITCH_DAZ
03870 if(!rsbac_switch_daz)
03871 len += sprintf(buffer+len, "Module: DAZ OFF\n");
03872 else
03873 #endif
03874 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03875 if(rsbac_ind_softmode[DAZ])
03876 len += sprintf(buffer+len, "Module: DAZ SOFTMODE\n");
03877 else
03878 #endif
03879 len += sprintf(buffer+len, "Module: DAZ on\n");
03880 #endif
03881
03882 #ifdef CONFIG_RSBAC_FF
03883 #ifdef CONFIG_RSBAC_SWITCH_FF
03884 if(!rsbac_switch_ff)
03885 len += sprintf(buffer+len, "Module: FF OFF\n");
03886 else
03887 #endif
03888 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03889 if(rsbac_ind_softmode[FF])
03890 len += sprintf(buffer+len, "Module: FF SOFTMODE\n");
03891 else
03892 #endif
03893 len += sprintf(buffer+len, "Module: FF on\n");
03894 #endif
03895
03896 #ifdef CONFIG_RSBAC_RC
03897 #ifdef CONFIG_RSBAC_SWITCH_RC
03898 if(!rsbac_switch_rc)
03899 len += sprintf(buffer+len, "Module: RC OFF\n");
03900 else
03901 #endif
03902 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03903 if(rsbac_ind_softmode[RC])
03904 len += sprintf(buffer+len, "Module: RC SOFTMODE\n");
03905 else
03906 #endif
03907 len += sprintf(buffer+len, "Module: RC on\n");
03908 #endif
03909
03910 #ifdef CONFIG_RSBAC_AUTH
03911 #ifdef CONFIG_RSBAC_SWITCH_AUTH
03912 if(!rsbac_switch_auth)
03913 len += sprintf(buffer+len, "Module: AUTH OFF\n");
03914 else
03915 #endif
03916 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03917 if(rsbac_ind_softmode[AUTH])
03918 len += sprintf(buffer+len, "Module: AUTH SOFTMODE\n");
03919 else
03920 #endif
03921 len += sprintf(buffer+len, "Module: AUTH on\n");
03922 #endif
03923
03924 #ifdef CONFIG_RSBAC_ACL
03925 #ifdef CONFIG_RSBAC_SWITCH_ACL
03926 if(!rsbac_switch_acl)
03927 len += sprintf(buffer+len, "Module: ACL OFF\n");
03928 else
03929 #endif
03930 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03931 if(rsbac_ind_softmode[ACL])
03932 len += sprintf(buffer+len, "Module: ACL SOFTMODE\n");
03933 else
03934 #endif
03935 len += sprintf(buffer+len, "Module: ACL on\n");
03936 #endif
03937
03938 #ifdef CONFIG_RSBAC_CAP
03939 #ifdef CONFIG_RSBAC_SWITCH_CAP
03940 if(!rsbac_switch_cap)
03941 len += sprintf(buffer+len, "Module: CAP OFF\n");
03942 else
03943 #endif
03944 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03945 if(rsbac_ind_softmode[CAP])
03946 len += sprintf(buffer+len, "Module: CAP SOFTMODE\n");
03947 else
03948 #endif
03949 len += sprintf(buffer+len, "Module: CAP on\n");
03950 #endif
03951
03952 #ifdef CONFIG_RSBAC_JAIL
03953 #ifdef CONFIG_RSBAC_SWITCH_JAIL
03954 if(!rsbac_switch_jail)
03955 len += sprintf(buffer+len, "Module: JAIL OFF\n");
03956 else
03957 #endif
03958 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03959 if(rsbac_ind_softmode[JAIL])
03960 len += sprintf(buffer+len, "Module: JAIL SOFTMODE\n");
03961 else
03962 #endif
03963 len += sprintf(buffer+len, "Module: JAIL on\n");
03964 #endif
03965
03966 #ifdef CONFIG_RSBAC_RES
03967 #ifdef CONFIG_RSBAC_SWITCH_RES
03968 if(!rsbac_switch_res)
03969 len += sprintf(buffer+len, "Module: RES OFF\n");
03970 else
03971 #endif
03972 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03973 if(rsbac_ind_softmode[RES])
03974 len += sprintf(buffer+len, "Module: RES SOFTMODE\n");
03975 else
03976 #endif
03977 len += sprintf(buffer+len, "Module: RES on\n");
03978 #endif
03979
03980 #ifdef CONFIG_RSBAC_PAX
03981 #ifdef CONFIG_RSBAC_SWITCH_PAX
03982 if(!rsbac_switch_pax)
03983 len += sprintf(buffer+len, "Module: PAX OFF\n");
03984 else
03985 #endif
03986 #ifdef CONFIG_RSBAC_SOFTMODE_IND
03987 if(rsbac_ind_softmode[PAX])
03988 len += sprintf(buffer+len, "Module: PAX SOFTMODE\n");
03989 else
03990 #endif
03991 len += sprintf(buffer+len, "Module: PAX on\n");
03992 #endif
03993
03994 pos = begin + len;
03995 if (pos < offset)
03996 {
03997 len = 0;
03998 begin = pos;
03999 }
04000
04001 out:
04002 *start = buffer + (offset - begin);
04003 len -= (offset - begin);
04004
04005 if (len > length)
04006 len = length;
04007 return len;
04008 }
04009
04010 #ifdef CONFIG_RSBAC_XSTATS
04011 static int
04012 xstats_proc_info(char *buffer, char **start, off_t offset, int length)
04013 {
04014 u_int len = 0;
04015 off_t pos = 0;
04016 off_t begin = 0;
04017 int i,j;
04018 char name[80];
04019 union rsbac_target_id_t rsbac_target_id;
04020 union rsbac_attribute_value_t rsbac_attribute_value;
04021
04022 if (!rsbac_initialized) return (-ENOSYS);
04023
04024 #ifdef CONFIG_RSBAC_DEBUG
04025 if (rsbac_debug_aef)
04026 {
04027 rsbac_printk(KERN_DEBUG "xstats_proc_info(): calling ADF\n");
04028 }
04029 #endif
04030 rsbac_target_id.scd = ST_rsbac;
04031 rsbac_attribute_value.dummy = 0;
04032 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04033 current->pid,
04034 T_SCD,
04035 rsbac_target_id,
04036 A_none,
04037 rsbac_attribute_value))
04038 {
04039 return -EPERM;
04040 }
04041
04042 len += sprintf(buffer,
04043 "RSBAC ADF call Statistics\n-------------------------\nadf_request table:\n");
04044 pos = begin + len;
04045 if (pos < offset)
04046 {
04047 len = 0;
04048 begin = pos;
04049 }
04050 if (pos > offset+length)
04051 goto out;
04052
04053 len += sprintf(buffer + len, "Request /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tGROUP\tNONE");
04054 pos = begin + len;
04055 if (pos < offset)
04056 {
04057 len = 0;
04058 begin = pos;
04059 }
04060 if (pos > offset+length)
04061 goto out;
04062
04063 for(i=0;i<R_NONE;i++)
04064 {
04065 get_request_name(name, i);
04066 name[15]=0;
04067 len += sprintf(buffer + len, "\n%-14s\t",name);
04068 pos = begin + len;
04069 if (pos < offset)
04070 {
04071 len = 0;
04072 begin = pos;
04073 }
04074 if (pos > offset+length)
04075 goto out;
04076 for(j=0;j<=T_NONE;j++)
04077 {
04078 if( (j == T_NETTEMP_NT)
04079 || (j == T_FD)
04080 )
04081 continue;
04082 len += sprintf(buffer + len, "%lu\t",
04083 rsbac_adf_request_xcount[j][i]);
04084 pos = begin + len;
04085 if (pos < offset)
04086 {
04087 len = 0;
04088 begin = pos;
04089 }
04090 if (pos > offset+length)
04091 goto out;
04092 }
04093 }
04094
04095 len += sprintf(buffer + len,
04096 "\n\nadf_request calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, none: %lu\n",
04097 rsbac_adf_request_count[T_FILE],
04098 rsbac_adf_request_count[T_DIR],
04099 rsbac_adf_request_count[T_FIFO],
04100 rsbac_adf_request_count[T_SYMLINK],
04101 rsbac_adf_request_count[T_DEV],
04102 rsbac_adf_request_count[T_IPC],
04103 rsbac_adf_request_count[T_SCD],
04104 rsbac_adf_request_count[T_USER],
04105 rsbac_adf_request_count[T_PROCESS],
04106 rsbac_adf_request_count[T_NETDEV],
04107 rsbac_adf_request_count[T_NETTEMP],
04108 rsbac_adf_request_count[T_NETOBJ],
04109 rsbac_adf_request_count[T_GROUP],
04110 rsbac_adf_request_count[T_NONE]);
04111 pos = begin + len;
04112 if (pos < offset)
04113 {
04114 len = 0;
04115 begin = pos;
04116 }
04117 if (pos > offset+length)
04118 goto out;
04119
04120 len += sprintf(buffer+len,
04121 "\n\nadf_set_attr table:\nRequest /\tFILE\tDIR\tFIFO\tSYMLINK\tDEV\tIPC\tSCD\tUSER\tPROCESS\tNETDEV\tNETTEMP\tNETOBJ\tGROUP\tNONE");
04122 pos = begin + len;
04123 if (pos < offset)
04124 {
04125 len = 0;
04126 begin = pos;
04127 }
04128 if (pos > offset+length)
04129 goto out;
04130
04131 for(i=0;i<R_NONE;i++)
04132 {
04133 get_request_name(name, i);
04134 name[15]=0;
04135 len += sprintf(buffer + len, "\n%-14s\t",name);
04136 pos = begin + len;
04137 if (pos < offset)
04138 {
04139 len = 0;
04140 begin = pos;
04141 }
04142 if (pos > offset+length)
04143 goto out;
04144 for(j=0;j<=T_NONE;j++)
04145 {
04146 if( (j == T_NETTEMP_NT)
04147 || (j == T_FD)
04148 )
04149 continue;
04150 len += sprintf(buffer + len, "%lu\t",
04151 rsbac_adf_set_attr_xcount[j][i]);
04152 pos = begin + len;
04153 if (pos < offset)
04154 {
04155 len = 0;
04156 begin = pos;
04157 }
04158 if (pos > offset+length)
04159 goto out;
04160 }
04161 }
04162
04163 len += sprintf(buffer + len,
04164 "\n\nadf_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu, none: %lu\n",
04165 rsbac_adf_set_attr_count[T_FILE],
04166 rsbac_adf_set_attr_count[T_DIR],
04167 rsbac_adf_set_attr_count[T_FIFO],
04168 rsbac_adf_set_attr_count[T_SYMLINK],
04169 rsbac_adf_set_attr_count[T_DEV],
04170 rsbac_adf_set_attr_count[T_IPC],
04171 rsbac_adf_set_attr_count[T_SCD],
04172 rsbac_adf_set_attr_count[T_USER],
04173 rsbac_adf_set_attr_count[T_PROCESS],
04174 rsbac_adf_set_attr_count[T_NETDEV],
04175 rsbac_adf_set_attr_count[T_NETTEMP],
04176 rsbac_adf_set_attr_count[T_NETOBJ],
04177 rsbac_adf_request_count[T_GROUP],
04178 rsbac_adf_set_attr_count[T_NONE]);
04179 pos = begin + len;
04180 if (pos < offset)
04181 {
04182 len = 0;
04183 begin = pos;
04184 }
04185 if (pos > offset+length)
04186 goto out;
04187
04188 len += sprintf(buffer + len,
04189 "\n\nData Structures:\nrsbac_get_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu\n",
04190 get_attr_count[T_FILE],
04191 get_attr_count[T_DIR],
04192 get_attr_count[T_FIFO],
04193 get_attr_count[T_SYMLINK],
04194 get_attr_count[T_DEV],
04195 get_attr_count[T_IPC],
04196 get_attr_count[T_SCD],
04197 get_attr_count[T_USER],
04198 get_attr_count[T_PROCESS],
04199 get_attr_count[T_NETDEV],
04200 get_attr_count[T_NETTEMP],
04201 get_attr_count[T_NETOBJ],
04202 get_attr_count[T_GROUP]);
04203 pos = begin + len;
04204 if (pos < offset)
04205 {
04206 len = 0;
04207 begin = pos;
04208 }
04209 if (pos > offset+length)
04210 goto out;
04211
04212 len += sprintf(buffer + len,
04213 "\nrsbac_set_attr calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu\n",
04214 set_attr_count[T_FILE],
04215 set_attr_count[T_DIR],
04216 set_attr_count[T_FIFO],
04217 set_attr_count[T_SYMLINK],
04218 set_attr_count[T_DEV],
04219 set_attr_count[T_IPC],
04220 set_attr_count[T_SCD],
04221 set_attr_count[T_USER],
04222 set_attr_count[T_PROCESS],
04223 set_attr_count[T_NETDEV],
04224 set_attr_count[T_NETTEMP],
04225 set_attr_count[T_NETOBJ],
04226 set_attr_count[T_GROUP]);
04227 pos = begin + len;
04228 if (pos < offset)
04229 {
04230 len = 0;
04231 begin = pos;
04232 }
04233 if (pos > offset+length)
04234 goto out;
04235
04236 len += sprintf(buffer + len,
04237 "\nrsbac_remove_target calls:\nfile: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu, group: %lu\n",
04238 remove_count[T_FILE],
04239 remove_count[T_DIR],
04240 remove_count[T_FIFO],
04241 remove_count[T_SYMLINK],
04242 remove_count[T_DEV],
04243 remove_count[T_IPC],
04244 remove_count[T_SCD],
04245 remove_count[T_USER],
04246 remove_count[T_PROCESS],
04247 remove_count[T_NETDEV],
04248 remove_count[T_NETTEMP],
04249 remove_count[T_NETOBJ],
04250 remove_count[T_GROUP]);
04251 pos = begin + len;
04252 if (pos < offset)
04253 {
04254 len = 0;
04255 begin = pos;
04256 }
04257
04258 out:
04259 *start = buffer + (offset - begin);
04260 len -= (offset - begin);
04261
04262 if (len > length)
04263 len = length;
04264 return len;
04265 }
04266 #endif
04267
04268 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
04269 static int
04270 auto_write_proc_info(char *buffer, char **start, off_t offset, int length)
04271 {
04272 int len = 0;
04273 off_t pos = 0;
04274 off_t begin = 0;
04275
04276 union rsbac_target_id_t rsbac_target_id;
04277 union rsbac_attribute_value_t rsbac_attribute_value;
04278
04279 if (!rsbac_initialized) return (-ENOSYS);
04280
04281 #ifdef CONFIG_RSBAC_DEBUG
04282 if (rsbac_debug_aef)
04283 {
04284 rsbac_printk(KERN_DEBUG "auto_write_proc_info(): calling ADF\n");
04285 }
04286 #endif
04287 rsbac_target_id.scd = ST_rsbac;
04288 rsbac_attribute_value.dummy = 0;
04289 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04290 current->pid,
04291 T_SCD,
04292 rsbac_target_id,
04293 A_none,
04294 rsbac_attribute_value))
04295 {
04296 return -EPERM;
04297 }
04298
04299 len = sprintf(buffer, "RSBAC auto write settings\n-------------------------\n");
04300 pos = begin + len;
04301 if (pos < offset)
04302 {
04303 len = 0;
04304 begin = pos;
04305 }
04306 if (pos > offset+length)
04307 goto out;
04308
04309 len += sprintf(buffer + len, "auto interval %u jiffies (%i jiffies = 1 second)\n",
04310 auto_interval, HZ);
04311 pos = begin + len;
04312 if (pos < offset)
04313 {
04314 len = 0;
04315 begin = pos;
04316 }
04317 if (pos > offset+length)
04318 goto out;
04319
04320 #ifdef CONFIG_RSBAC_DEBUG
04321 len += sprintf(buffer + len, "debug level is %i\n",
04322 rsbac_debug_auto);
04323 pos = begin + len;
04324 if (pos < offset)
04325 {
04326 len = 0;
04327 begin = pos;
04328 }
04329 #endif
04330
04331 out:
04332 *start = buffer + (offset - begin);
04333 len -= (offset - begin);
04334
04335 if (len > length)
04336 len = length;
04337 return len;
04338 }
04339
04340 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
04341 static int auto_write_proc_write(struct file * file, const char * buf,
04342 u_long count, void *ppos)
04343 #else
04344 static int auto_write_proc_write(struct file * file, const char __user * buf,
04345 u_long count, void *data)
04346 #endif
04347 {
04348 ssize_t err;
04349 char * k_buf;
04350 char * p;
04351
04352 union rsbac_target_id_t rsbac_target_id;
04353 union rsbac_attribute_value_t rsbac_attribute_value;
04354
04355 if(count > PROC_BLOCK_SIZE) {
04356 return(-EOVERFLOW);
04357 }
04358
04359 if (!(k_buf = (char *) __get_free_page(GFP_KERNEL)))
04360 return(-ENOMEM);
04361 err = copy_from_user(k_buf, buf, count);
04362 if(err < 0)
04363 return err;
04364
04365 err = count;
04366 if(count < 13 || strncmp("auto", k_buf, 4))
04367 {
04368 goto out;
04369 }
04370 if (!rsbac_initialized)
04371 {
04372 err=-ENOSYS;
04373 goto out;
04374 }
04375
04376 #ifdef CONFIG_RSBAC_DEBUG
04377 if (rsbac_debug_aef)
04378 rsbac_printk(KERN_DEBUG "auto_write_proc_write(): calling ADF\n");
04379 #endif
04380 rsbac_target_id.scd = ST_rsbac;
04381 rsbac_attribute_value.dummy = 0;
04382 if (!rsbac_adf_request(R_MODIFY_SYSTEM_DATA,
04383 current->pid,
04384 T_SCD,
04385 rsbac_target_id,
04386 A_none,
04387 rsbac_attribute_value))
04388 {
04389 err = -EPERM;
04390 goto out;
04391 }
04392
04393
04394
04395
04396
04397 if(!strncmp("interval", k_buf + 5, 8))
04398 {
04399 unsigned int interval;
04400
04401 p = k_buf + 5 + 9;
04402
04403 if( *p == '\0' )
04404 goto out;
04405
04406 interval = simple_strtoul(p, NULL, 0);
04407
04408 if(interval >= HZ)
04409 {
04410 rsbac_printk(KERN_INFO
04411 "auto_write_proc_write(): setting auto write interval to %u\n",
04412 interval);
04413 auto_interval = interval;
04414 err = count;
04415 goto out;
04416 }
04417 else
04418 {
04419 rsbac_printk(KERN_INFO
04420 "auto_write_proc_write(): rejecting too short auto write interval %u (min. %i)\n",
04421 interval, HZ);
04422 goto out;
04423 }
04424 }
04425
04426 #ifdef CONFIG_RSBAC_DEBUG
04427
04428
04429
04430
04431 if(!strncmp("debug", k_buf + 5, 5))
04432 {
04433 unsigned int debug_level;
04434
04435 p = k_buf + 5 + 6;
04436
04437 if( *p == '\0' )
04438 goto out;
04439
04440 debug_level = simple_strtoul(p, NULL, 0);
04441
04442 if(!debug_level || (debug_level == 1))
04443 {
04444 rsbac_printk(KERN_INFO
04445 "auto_write_proc_write(): setting rsbac_debug_auto to %u\n",
04446 debug_level);
04447 rsbac_debug_auto = debug_level;
04448 err = count;
04449 }
04450 else
04451 {
04452 rsbac_printk(KERN_INFO
04453 "auto_write_proc_write(): rejecting invalid debug level (should be 0 or 1)\n");
04454 }
04455 }
04456 #endif
04457
04458 out:
04459 free_page((ulong) k_buf);
04460 return(err);
04461 }
04462 #endif
04463
04464 static int
04465 versions_proc_info(char *buffer, char **start, off_t offset, int length)
04466 {
04467 int len = 0;
04468 off_t pos = 0;
04469 off_t begin = 0;
04470
04471 union rsbac_target_id_t rsbac_target_id;
04472 union rsbac_attribute_value_t rsbac_attribute_value;
04473
04474 if (!rsbac_initialized) return (-ENOSYS);
04475
04476 #ifdef CONFIG_RSBAC_DEBUG
04477 if (rsbac_debug_aef)
04478 {
04479 rsbac_printk(KERN_DEBUG "versions_proc_info(): calling ADF\n");
04480 }
04481 #endif
04482 rsbac_target_id.scd = ST_rsbac;
04483 rsbac_attribute_value.dummy = 0;
04484 if (!rsbac_adf_request(R_GET_STATUS_DATA,
04485 current->pid,
04486 T_SCD,
04487 rsbac_target_id,
04488 A_none,
04489 rsbac_attribute_value))
04490 {
04491 return -EPERM;
04492 }
04493
04494 len = sprintf(buffer,
04495 "RSBAC version settings (%s)\n----------------------\n",
04496 RSBAC_VERSION);
04497 pos = begin + len;
04498 if (pos < offset)
04499 {
04500 len = 0;
04501 begin = pos;
04502 }
04503 if (pos > offset+length)
04504 goto out;
04505
04506 len += sprintf(buffer + len, "FD lists:\nGEN aci version is %u, aci entry size is %Zd, %u lists per device\n",
04507 RSBAC_GEN_FD_ACI_VERSION, sizeof(struct rsbac_gen_fd_aci_t), RSBAC_GEN_NR_FD_LISTS);
04508 pos = begin + len;
04509 if (pos < offset)
04510 {
04511 len = 0;
04512 begin = pos;
04513 }
04514 if (pos > offset+length)
04515 goto out;
04516 #if defined(CONFIG_RSBAC_MAC)
04517 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd, %u lists per device\n",
04518 RSBAC_MAC_FD_ACI_VERSION, sizeof(struct rsbac_mac_fd_aci_t), RSBAC_MAC_NR_FD_LISTS);
04519 pos = begin + len;
04520 if (pos < offset)
04521 {
04522 len = 0;
04523 begin = pos;
04524 }
04525 if (pos > offset+length)
04526 goto out;
04527 #endif
04528 #if defined(CONFIG_RSBAC_PM)
04529 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd, %u lists per device\n",
04530 RSBAC_PM_FD_ACI_VERSION, sizeof(struct rsbac_pm_fd_aci_t), RSBAC_PM_NR_FD_LISTS);
04531 pos = begin + len;
04532 if (pos < offset)
04533 {
04534 len = 0;
04535 begin = pos;
04536 }
04537 if (pos > offset+length)
04538 goto out;
04539 #endif
04540 #if defined(CONFIG_RSBAC_DAZ)
04541 len += sprintf(buffer + len, "DAZ aci version is %u, aci entry size is %Zd, %u lists per device\n",
04542 RSBAC_DAZ_FD_ACI_VERSION, sizeof(struct rsbac_daz_fd_aci_t), RSBAC_DAZ_NR_FD_LISTS);
04543 pos = begin + len;
04544 if (pos < offset)
04545 {
04546 len = 0;
04547 begin = pos;
04548 }
04549 if (pos > offset+length)
04550 goto out;
04551 #if defined(CONFIG_RSBAC_DAZ_CACHE)
04552 len += sprintf(buffer + len, "DAZS aci version is %u, aci entry size is %Zd, %u lists per device\n",
04553 RSBAC_DAZ_SCANNED_FD_ACI_VERSION,
04554 sizeof(rsbac_daz_scanned_t),
04555 RSBAC_DAZ_SCANNED_NR_FD_LISTS);
04556 pos = begin + len;
04557 if (pos < offset)
04558 {
04559 len = 0;
04560 begin = pos;
04561 }
04562 if (pos > offset+length)
04563 goto out;
04564 #endif
04565 #endif
04566 #if defined(CONFIG_RSBAC_FF)
04567 len += sprintf(buffer + len, "FF aci version is %u, aci entry size is %Zd, %u lists per device\n",
04568 RSBAC_FF_FD_ACI_VERSION, sizeof(rsbac_ff_flags_t), RSBAC_FF_NR_FD_LISTS);
04569 pos = begin + len;
04570 if (pos < offset)
04571 {
04572 len = 0;
04573 begin = pos;
04574 }
04575 if (pos > offset+length)
04576 goto out;
04577 #endif
04578 #if defined(CONFIG_RSBAC_RC)
04579 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd, %u lists per device\n",
04580 RSBAC_RC_FD_ACI_VERSION, sizeof(struct rsbac_rc_fd_aci_t), RSBAC_RC_NR_FD_LISTS);
04581 pos = begin + len;
04582 if (pos < offset)
04583 {
04584 len = 0;
04585 begin = pos;
04586 }
04587 if (pos > offset+length)
04588 goto out;
04589 #endif
04590 #if defined(CONFIG_RSBAC_AUTH)
04591 len += sprintf(buffer + len, "AUTH aci version is %u, aci entry size is %Zd, %u lists per device\n",
04592 RSBAC_AUTH_FD_ACI_VERSION, sizeof(struct rsbac_auth_fd_aci_t), RSBAC_AUTH_NR_FD_LISTS);
04593 pos = begin + len;
04594 if (pos < offset)
04595 {
04596 len = 0;
04597 begin = pos;
04598 }
04599 if (pos > offset+length)
04600 goto out;
04601 #endif
04602 #if defined(CONFIG_RSBAC_CAP)
04603 len += sprintf(buffer + len, "CAP aci version is %u, aci entry size is %Zd, %u lists per device\n",
04604 RSBAC_CAP_FD_ACI_VERSION, sizeof(struct rsbac_cap_fd_aci_t), RSBAC_CAP_NR_FD_LISTS);
04605 pos = begin + len;
04606 if (pos < offset)
04607 {
04608 len = 0;
04609 begin = pos;
04610 }
04611 if (pos > offset+length)
04612 goto out;
04613 #endif
04614 #if defined(CONFIG_RSBAC_PAX)
04615 len += sprintf(buffer + len, "PAX aci version is %u, aci entry size is %Zd, %u lists per device\n",
04616 RSBAC_PAX_FD_ACI_VERSION, sizeof(rsbac_pax_flags_t), RSBAC_PAX_NR_FD_LISTS);
04617 pos = begin + len;
04618 if (pos < offset)
04619 {
04620 len = 0;
04621 begin = pos;
04622 }
04623 if (pos > offset+length)
04624 goto out;
04625 #endif
04626 #if defined(CONFIG_RSBAC_RES)
04627 len += sprintf(buffer + len, "RES aci version is %u, aci entry size is %Zd, %u lists per device\n",
04628 RSBAC_RES_FD_ACI_VERSION, sizeof(struct rsbac_res_fd_aci_t), RSBAC_RES_NR_FD_LISTS);
04629 pos = begin + len;
04630 if (pos < offset)
04631 {
04632 len = 0;
04633 begin = pos;
04634 }
04635 if (pos > offset+length)
04636 goto out;
04637 #endif
04638
04639
04640 len += sprintf(buffer + len, "\nDEV lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04641 RSBAC_GEN_DEV_ACI_VERSION, sizeof(struct rsbac_gen_dev_aci_t));
04642 pos = begin + len;
04643 if (pos < offset)
04644 {
04645 len = 0;
04646 begin = pos;
04647 }
04648 if (pos > offset+length)
04649 goto out;
04650 #if defined(CONFIG_RSBAC_MAC)
04651 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04652 RSBAC_MAC_DEV_ACI_VERSION, sizeof(struct rsbac_mac_dev_aci_t));
04653 pos = begin + len;
04654 if (pos < offset)
04655 {
04656 len = 0;
04657 begin = pos;
04658 }
04659 if (pos > offset+length)
04660 goto out;
04661 #endif
04662 #if defined(CONFIG_RSBAC_PM)
04663 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04664 RSBAC_PM_DEV_ACI_VERSION, sizeof(struct rsbac_pm_dev_aci_t));
04665 pos = begin + len;
04666 if (pos < offset)
04667 {
04668 len = 0;
04669 begin = pos;
04670 }
04671 if (pos > offset+length)
04672 goto out;
04673 #endif
04674 #if defined(CONFIG_RSBAC_RC)
04675 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04676 RSBAC_RC_DEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04677 pos = begin + len;
04678 if (pos < offset)
04679 {
04680 len = 0;
04681 begin = pos;
04682 }
04683 if (pos > offset+length)
04684 goto out;
04685 #endif
04686
04687
04688 len += sprintf(buffer + len, "\nIPC lists:\n");
04689 pos = begin + len;
04690 if (pos < offset)
04691 {
04692 len = 0;
04693 begin = pos;
04694 }
04695 if (pos > offset+length)
04696 goto out;
04697 #if defined(CONFIG_RSBAC_MAC)
04698 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04699 RSBAC_MAC_IPC_ACI_VERSION, sizeof(struct rsbac_mac_ipc_aci_t));
04700 pos = begin + len;
04701 if (pos < offset)
04702 {
04703 len = 0;
04704 begin = pos;
04705 }
04706 if (pos > offset+length)
04707 goto out;
04708 #endif
04709 #if defined(CONFIG_RSBAC_PM)
04710 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04711 RSBAC_PM_IPC_ACI_VERSION, sizeof(struct rsbac_pm_ipc_aci_t));
04712 pos = begin + len;
04713 if (pos < offset)
04714 {
04715 len = 0;
04716 begin = pos;
04717 }
04718 if (pos > offset+length)
04719 goto out;
04720 #endif
04721 #if defined(CONFIG_RSBAC_RC)
04722 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04723 RSBAC_RC_IPC_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04724 pos = begin + len;
04725 if (pos < offset)
04726 {
04727 len = 0;
04728 begin = pos;
04729 }
04730 if (pos > offset+length)
04731 goto out;
04732 #endif
04733 #if defined(CONFIG_RSBAC_JAIL)
04734 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %Zd\n",
04735 RSBAC_JAIL_IPC_ACI_VERSION, sizeof(rsbac_jail_id_t));
04736 pos = begin + len;
04737 if (pos < offset)
04738 {
04739 len = 0;
04740 begin = pos;
04741 }
04742 if (pos > offset+length)
04743 goto out;
04744 #endif
04745
04746
04747 len += sprintf(buffer + len, "\nUSER lists:\nGEN aci version is %u, aci entry size is %Zd\n",
04748 RSBAC_GEN_USER_ACI_VERSION, sizeof(struct rsbac_gen_user_aci_t));
04749 pos = begin + len;
04750 if (pos < offset)
04751 {
04752 len = 0;
04753 begin = pos;
04754 }
04755 if (pos > offset+length)
04756 goto out;
04757 #if defined(CONFIG_RSBAC_MAC)
04758 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
04759 RSBAC_MAC_USER_ACI_VERSION, sizeof(struct rsbac_mac_user_aci_t));
04760 pos = begin + len;
04761 if (pos < offset)
04762 {
04763 len = 0;
04764 begin = pos;
04765 }
04766 if (pos > offset+length)
04767 goto out;
04768 #endif
04769 #if defined(CONFIG_RSBAC_PM)
04770 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04771 RSBAC_PM_USER_ACI_VERSION, sizeof(struct rsbac_pm_user_aci_t));
04772 pos = begin + len;
04773 if (pos < offset)
04774 {
04775 len = 0;
04776 begin = pos;
04777 }
04778 if (pos > offset+length)
04779 goto out;
04780 #endif
04781 #if defined(CONFIG_RSBAC_DAZ)
04782 len += sprintf(buffer + len, "DAZ aci version is %u, aci entry size is %Zd\n",
04783 RSBAC_DAZ_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04784 pos = begin + len;
04785 if (pos < offset)
04786 {
04787 len = 0;
04788 begin = pos;
04789 }
04790 if (pos > offset+length)
04791 goto out;
04792 #endif
04793 #if defined(CONFIG_RSBAC_RC)
04794 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04795 RSBAC_RC_USER_ACI_VERSION, sizeof(rsbac_rc_role_id_t));
04796 pos = begin + len;
04797 if (pos < offset)
04798 {
04799 len = 0;
04800 begin = pos;
04801 }
04802 if (pos > offset+length)
04803 goto out;
04804 #endif
04805 #if defined(CONFIG_RSBAC_AUTH)
04806 len += sprintf(buffer + len, "AUTH aci version is %u, aci entry size is %Zd\n",
04807 RSBAC_AUTH_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04808 pos = begin + len;
04809 if (pos < offset)
04810 {
04811 len = 0;
04812 begin = pos;
04813 }
04814 if (pos > offset+length)
04815 goto out;
04816 #endif
04817 #if defined(CONFIG_RSBAC_CAP)
04818 len += sprintf(buffer + len, "CAP aci version is %u, aci entry size is %Zd\n",
04819 RSBAC_CAP_USER_ACI_VERSION, sizeof(struct rsbac_cap_user_aci_t));
04820 pos = begin + len;
04821 if (pos < offset)
04822 {
04823 len = 0;
04824 begin = pos;
04825 }
04826 if (pos > offset+length)
04827 goto out;
04828 #endif
04829 #if defined(CONFIG_RSBAC_JAIL)
04830 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %Zd\n",
04831 RSBAC_JAIL_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04832 pos = begin + len;
04833 if (pos < offset)
04834 {
04835 len = 0;
04836 begin = pos;
04837 }
04838 if (pos > offset+length)
04839 goto out;
04840 #endif
04841 #if defined(CONFIG_RSBAC_PAX)
04842 len += sprintf(buffer + len, "PAX aci version is %u, aci entry size is %Zd\n",
04843 RSBAC_PAX_USER_ACI_VERSION, sizeof(rsbac_system_role_int_t));
04844 pos = begin + len;
04845 if (pos < offset)
04846 {
04847 len = 0;
04848 begin = pos;
04849 }
04850 if (pos > offset+length)
04851 goto out;
04852 #endif
04853 #if defined(CONFIG_RSBAC_RES)
04854 len += sprintf(buffer + len, "RES aci version is %u, aci entry size is %Zd\n",
04855 RSBAC_RES_USER_ACI_VERSION, sizeof(struct rsbac_res_user_aci_t));
04856 pos = begin + len;
04857 if (pos < offset)
04858 {
04859 len = 0;
04860 begin = pos;
04861 }
04862 if (pos > offset+length)
04863 goto out;
04864 #endif
04865
04866
04867 len += sprintf(buffer + len, "\nPROCESS lists:\nGEN aci version is %i, aci entry size is %Zd, number of lists is %u\n",
04868 RSBAC_GEN_PROCESS_ACI_VERSION,
04869 sizeof(rsbac_request_vector_t),
04870 CONFIG_RSBAC_GEN_NR_P_LISTS);
04871 pos = begin + len;
04872 if (pos < offset)
04873 {
04874 len = 0;
04875 begin = pos;
04876 }
04877 if (pos > offset+length)
04878 goto out;
04879 #if defined(CONFIG_RSBAC_MAC)
04880 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04881 RSBAC_MAC_PROCESS_ACI_VERSION,
04882 sizeof(struct rsbac_mac_process_aci_t),
04883 CONFIG_RSBAC_MAC_NR_P_LISTS);
04884 pos = begin + len;
04885 if (pos < offset)
04886 {
04887 len = 0;
04888 begin = pos;
04889 }
04890 if (pos > offset+length)
04891 goto out;
04892 #endif
04893 #if defined(CONFIG_RSBAC_PM)
04894 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
04895 RSBAC_PM_PROCESS_ACI_VERSION, sizeof(struct rsbac_pm_process_aci_t));
04896 pos = begin + len;
04897 if (pos < offset)
04898 {
04899 len = 0;
04900 begin = pos;
04901 }
04902 if (pos > offset+length)
04903 goto out;
04904 #endif
04905 #if defined(CONFIG_RSBAC_RC)
04906 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04907 RSBAC_RC_PROCESS_ACI_VERSION,
04908 sizeof(struct rsbac_rc_process_aci_t),
04909 CONFIG_RSBAC_RC_NR_P_LISTS);
04910 pos = begin + len;
04911 if (pos < offset)
04912 {
04913 len = 0;
04914 begin = pos;
04915 }
04916 if (pos > offset+length)
04917 goto out;
04918 #endif
04919 #if defined(CONFIG_RSBAC_AUTH)
04920 len += sprintf(buffer + len, "AUTH aci version is %u, aci entry size is %Zd\n",
04921 RSBAC_AUTH_PROCESS_ACI_VERSION, sizeof(struct rsbac_auth_process_aci_t));
04922 pos = begin + len;
04923 if (pos < offset)
04924 {
04925 len = 0;
04926 begin = pos;
04927 }
04928 if (pos > offset+length)
04929 goto out;
04930 #endif
04931 #if defined(CONFIG_RSBAC_CAP)
04932 len += sprintf(buffer + len, "CAP aci version is %u, aci entry size is %Zd\n",
04933 RSBAC_CAP_PROCESS_ACI_VERSION, sizeof(struct rsbac_cap_process_aci_t));
04934 pos = begin + len;
04935 if (pos < offset)
04936 {
04937 len = 0;
04938 begin = pos;
04939 }
04940 if (pos > offset+length)
04941 goto out;
04942 #endif
04943 #if defined(CONFIG_RSBAC_JAIL)
04944 len += sprintf(buffer + len, "JAIL aci version is %u, aci entry size is %Zd, number of lists is %u\n",
04945 RSBAC_JAIL_PROCESS_ACI_VERSION,
04946 sizeof(struct rsbac_jail_process_aci_t),
04947 CONFIG_RSBAC_JAIL_NR_P_LISTS);
04948 pos = begin + len;
04949 if (pos < offset)
04950 {
04951 len = 0;
04952 begin = pos;
04953 }
04954 if (pos > offset+length)
04955 goto out;
04956 #endif
04957
04958 #if defined(CONFIG_RSBAC_NET_DEV)
04959 len += sprintf(buffer + len, "\nNETDEV lists:\n");
04960 pos = begin + len;
04961 if (pos < offset)
04962 {
04963 len = 0;
04964 begin = pos;
04965 }
04966 if (pos > offset+length)
04967 goto out;
04968 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
04969 len += sprintf(buffer + len, "GEN aci version is %u, aci entry size is %Zd\n",
04970 RSBAC_GEN_NETDEV_ACI_VERSION, sizeof(struct rsbac_gen_netdev_aci_t));
04971 pos = begin + len;
04972 if (pos < offset)
04973 {
04974 len = 0;
04975 begin = pos;
04976 }
04977 if (pos > offset+length)
04978 goto out;
04979 #endif
04980 #if defined(CONFIG_RSBAC_RC)
04981 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
04982 RSBAC_RC_NETDEV_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
04983 pos = begin + len;
04984 if (pos < offset)
04985 {
04986 len = 0;
04987 begin = pos;
04988 }
04989 if (pos > offset+length)
04990 goto out;
04991 #endif
04992 #endif
04993
04994 #if defined(CONFIG_RSBAC_NET_OBJ)
04995 len += sprintf(buffer + len, "\nNetwork Template list: version is %u, data size is %Zd\n",
04996 RSBAC_NET_TEMP_VERSION, sizeof(struct rsbac_net_temp_data_t));
04997 pos = begin + len;
04998 if (pos < offset)
04999 {
05000 len = 0;
05001 begin = pos;
05002 }
05003 if (pos > offset+length)
05004 goto out;
05005 len += sprintf(buffer + len, "\nNETOBJ lists:\nGEN aci version is %u, aci entry size is %Zd\n",
05006 RSBAC_GEN_NETOBJ_ACI_VERSION, sizeof(struct rsbac_gen_netobj_aci_t));
05007 pos = begin + len;
05008 if (pos < offset)
05009 {
05010 len = 0;
05011 begin = pos;
05012 }
05013 if (pos > offset+length)
05014 goto out;
05015 #if defined(CONFIG_RSBAC_MAC)
05016 len += sprintf(buffer + len, "MAC aci version is %u, aci entry size is %Zd\n",
05017 RSBAC_MAC_NETOBJ_ACI_VERSION, sizeof(struct rsbac_mac_netobj_aci_t));
05018 pos = begin + len;
05019 if (pos < offset)
05020 {
05021 len = 0;
05022 begin = pos;
05023 }
05024 if (pos > offset+length)
05025 goto out;
05026 #endif
05027 #if defined(CONFIG_RSBAC_PM)
05028 len += sprintf(buffer + len, "PM aci version is %u, aci entry size is %Zd\n",
05029 RSBAC_PM_NETOBJ_ACI_VERSION, sizeof(struct rsbac_pm_netobj_aci_t));
05030 pos = begin + len;
05031 if (pos < offset)
05032 {
05033 len = 0;
05034 begin = pos;
05035 }
05036 if (pos > offset+length)
05037 goto out;
05038 #endif
05039 #if defined(CONFIG_RSBAC_RC)
05040 len += sprintf(buffer + len, "RC aci version is %u, aci entry size is %Zd\n",
05041 RSBAC_RC_NETOBJ_ACI_VERSION, sizeof(rsbac_rc_type_id_t));
05042 pos = begin + len;
05043 if (pos < offset)
05044 {
05045 len = 0;
05046 begin = pos;
05047 }
05048 if (pos > offset+length)
05049 goto out;
05050 #endif
05051 #endif
05052
05053 len += sprintf(buffer + len, "\nlog_levels array: version is %u, array size is %Zd\n",
05054 RSBAC_LOG_LEVEL_VERSION, R_NONE * (T_NONE+1) * sizeof(rsbac_enum_t));
05055 pos = begin + len;
05056 if (pos < offset)
05057 {
05058 len = 0;
05059 begin = pos;
05060 }
05061
05062 out:
05063 *start = buffer + (offset - begin);
05064 len -= (offset - begin);
05065
05066 if (len > length)
05067 len = length;
05068 return len;
05069 }
05070
05071 #ifdef CONFIG_RSBAC_NET_OBJ
05072 static int
05073 net_temp_proc_info(char *buffer, char **start, off_t offset, int length)
05074 {
05075 u_int len = 0;
05076 off_t pos = 0;
05077 off_t begin = 0;
05078 rsbac_net_temp_id_t * temp_array;
05079 long count;
05080
05081 union rsbac_target_id_t rsbac_target_id;
05082 union rsbac_attribute_value_t rsbac_attribute_value;
05083
05084 if (!rsbac_initialized) return (-ENOSYS);
05085
05086 #ifdef CONFIG_RSBAC_DEBUG
05087 if (rsbac_debug_aef)
05088 {
05089 rsbac_printk(KERN_DEBUG "net_temp_proc_info(): calling ADF\n");
05090 }
05091 #endif
05092 rsbac_target_id.scd = ST_rsbac;
05093 rsbac_attribute_value.dummy = 0;
05094 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05095 current->pid,
05096 T_SCD,
05097 rsbac_target_id,
05098 A_none,
05099 rsbac_attribute_value))
05100 {
05101 return -EPERM;
05102 }
05103
05104 len = sprintf(buffer, "Network Templates\n-----------------\n");
05105 pos = begin + len;
05106 if (pos < offset)
05107 {
05108 len = 0;
05109 begin = pos;
05110 }
05111 if (pos > offset+length)
05112 goto out;
05113
05114 count = rsbac_list_get_all_desc(net_temp_handle, (void **) &temp_array);
05115 if(count > 0)
05116 {
05117 __u32 i;
05118 struct rsbac_net_temp_data_t data;
05119
05120 for(i=0; i < count; i++)
05121 {
05122 if(!rsbac_list_get_data(net_temp_handle, &temp_array[i], &data))
05123 {
05124 len += sprintf(buffer + len, "%10u %s\n",
05125 temp_array[i], data.name);
05126 pos = begin + len;
05127 if (pos < offset)
05128 {
05129 len = 0;
05130 begin = pos;
05131 }
05132 if (pos > offset+length)
05133 {
05134 rsbac_vfree(temp_array);
05135 goto out;
05136 }
05137 }
05138 }
05139 rsbac_vfree(temp_array);
05140 }
05141 len += sprintf(buffer + len, "%lu templates\n",
05142 count);
05143 pos = begin + len;
05144 if (pos < offset)
05145 {
05146 len = 0;
05147 begin = pos;
05148 }
05149
05150 out:
05151 *start = buffer + (offset - begin);
05152 len -= (offset - begin);
05153
05154 if (len > length)
05155 len = length;
05156 return len;
05157 }
05158 #endif
05159
05160 #ifdef CONFIG_RSBAC_JAIL
05161 static int
05162 jail_proc_info(char *buffer, char **start, off_t offset, int length)
05163 {
05164 u_int len = 0;
05165 off_t pos = 0;
05166 off_t begin = 0;
05167 rsbac_pid_t * pid_array;
05168 struct rsbac_ipc_t * ipc_array;
05169 u_long count = 0;
05170 u_int i;
05171 u_int j;
05172 long subcount;
05173 struct rsbac_jail_process_aci_t data;
05174 union rsbac_target_id_t rsbac_target_id;
05175 union rsbac_attribute_value_t rsbac_attribute_value;
05176
05177 if (!rsbac_initialized) return (-ENOSYS);
05178
05179 #ifdef CONFIG_RSBAC_DEBUG
05180 if (rsbac_debug_aef)
05181 {
05182 rsbac_printk(KERN_DEBUG "jail_proc_info(): calling ADF\n");
05183 }
05184 #endif
05185 rsbac_target_id.scd = ST_rsbac;
05186 rsbac_attribute_value.dummy = 0;
05187 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05188 current->pid,
05189 T_SCD,
05190 rsbac_target_id,
05191 A_none,
05192 rsbac_attribute_value))
05193 {
05194 return -EPERM;
05195 }
05196
05197 len = sprintf(buffer, "JAILed Processes\n----------------\nPID Jail-ID Flags Max Caps SCD get SCD modify IP\n");
05198 pos = begin + len;
05199 if (pos < offset)
05200 {
05201 len = 0;
05202 begin = pos;
05203 }
05204 if (pos > offset+length)
05205 goto out;
05206
05207 for(j=0; j<CONFIG_RSBAC_JAIL_NR_P_LISTS; j++)
05208 {
05209 subcount = rsbac_list_get_all_desc(process_handles.jail[j], (void **) &pid_array);
05210 if(subcount > 0)
05211 {
05212 for(i=0; i < subcount; i++)
05213 {
05214 if(!rsbac_list_get_data(process_handles.jail[j], &pid_array[i], &data))
05215 {
05216 len += sprintf(buffer + len, "%-5u %-10u %-7u %-10i %-10u %-10u %u.%u.%u.%u\n",
05217 pid_array[i],
05218 data.id,
05219 data.flags,
05220 data.max_caps,
05221 data.scd_get,
05222 data.scd_modify,
05223 NIPQUAD(data.ip));
05224 pos = begin + len;
05225 if (pos < offset)
05226 {
05227 len = 0;
05228 begin = pos;
05229 }
05230 if (pos > offset+length)
05231 {
05232 rsbac_vfree(pid_array);
05233 goto out;
05234 }
05235 }
05236 }
05237 count += subcount;
05238 }
05239 rsbac_vfree(pid_array);
05240 }
05241 len += sprintf(buffer + len, "%lu jailed processes\n",
05242 count);
05243 pos = begin + len;
05244 if (pos < offset)
05245 {
05246 len = 0;
05247 begin = pos;
05248 }
05249 if (pos > offset+length)
05250 goto out;
05251
05252 len += sprintf(buffer + len, "\nJAIL IPCs\n---------\nType IPC-ID Jail-ID\n");
05253 pos = begin + len;
05254 if (pos < offset)
05255 {
05256 len = 0;
05257 begin = pos;
05258 }
05259 if (pos > offset+length)
05260 goto out;
05261
05262 count = rsbac_list_get_all_desc(ipc_handles.jail, (void **) &ipc_array);
05263 if(count > 0)
05264 {
05265 __u32 i;
05266 rsbac_jail_id_t data;
05267 char tmp[RSBAC_MAXNAMELEN];
05268
05269 for(i=0; i < count; i++)
05270 {
05271 if(!rsbac_list_get_data(ipc_handles.jail, &ipc_array[i], &data))
05272 {
05273 len += sprintf(buffer + len, "%-10s %-10lu %-10u\n",
05274 get_ipc_target_name(tmp, ipc_array[i].type),
05275 ipc_array[i].id.id_nr,
05276 data);
05277 pos = begin + len;
05278 if (pos < offset)
05279 {
05280 len = 0;
05281 begin = pos;
05282 }
05283 if (pos > offset+length)
05284 {
05285 rsbac_vfree(ipc_array);
05286 goto out;
05287 }
05288 }
05289 }
05290 rsbac_vfree(ipc_array);
05291 }
05292 len += sprintf(buffer + len, "%lu JAIL IPCs\n",
05293 count);
05294 pos = begin + len;
05295 if (pos < offset)
05296 {
05297 len = 0;
05298 begin = pos;
05299 }
05300 if (pos > offset+length)
05301 goto out;
05302 out:
05303 *start = buffer + (offset - begin);
05304 len -= (offset - begin);
05305
05306 if (len > length)
05307 len = length;
05308 return len;
05309 }
05310 #endif
05311
05312 #ifdef CONFIG_RSBAC_PAX
05313 static int
05314 pax_proc_info(char *buffer, char **start, off_t offset, int length)
05315 {
05316 int len = 0;
05317 off_t pos = 0;
05318 off_t begin = 0;
05319
05320 union rsbac_target_id_t rsbac_target_id;
05321 union rsbac_attribute_value_t rsbac_attribute_value;
05322
05323 if (!rsbac_initialized)
05324 return (-ENOSYS);
05325
05326 rsbac_target_id.scd = ST_rsbac;
05327 rsbac_attribute_value.dummy = 0;
05328 if (!rsbac_adf_request(R_GET_STATUS_DATA,
05329 current->pid,
05330 T_SCD,
05331 rsbac_target_id,
05332 A_none,
05333 rsbac_attribute_value))
05334 {
05335 return -EPERM;
05336 }
05337 len += sprintf(buffer, "RSBAC PaX module\n----------------\n");
05338 pos = begin + len;
05339 if (pos < offset)
05340 {
05341 len = 0;
05342 begin = pos;
05343 }
05344 if (pos > offset+length)
05345 goto out;
05346
05347 len += sprintf(buffer + len, "%li user list items.\n",
05348 rsbac_list_count(user_handles.pax));
05349 pos = begin + len;
05350 if (pos < offset)
05351 {
05352 len = 0;
05353 begin = pos;
05354 }
05355 if (pos > offset+length)
05356 goto out;
05357
05358 out:
05359 *start = buffer + (offset - begin);
05360 len -= (offset - begin);
05361
05362 if (len > length)
05363 len = length;
05364 return len;
05365 }
05366 #endif
05367
05368 static int register_all_rsbac_proc(void)
05369 {
05370 struct proc_dir_entry * tmp_entry_p;
05371
05372 proc_rsbac_root_p = create_proc_entry("rsbac-info",
05373 S_IFDIR | S_IRUGO | S_IXUGO,
05374 &proc_root);
05375 if(!proc_rsbac_root_p)
05376 return -RSBAC_ECOULDNOTADDITEM;
05377
05378 proc_rsbac_backup_p = create_proc_entry("backup",
05379 S_IFDIR | S_IRUGO | S_IXUGO,
05380 proc_rsbac_root_p);
05381 if(!proc_rsbac_root_p)
05382 return -RSBAC_ECOULDNOTADDITEM;
05383
05384 tmp_entry_p = create_proc_entry("devices",
05385 S_IFREG | S_IRUGO,
05386 proc_rsbac_root_p);
05387 if(!tmp_entry_p)
05388 return -RSBAC_ECOULDNOTADDITEM;
05389 tmp_entry_p->get_info = devices_proc_info;
05390
05391 tmp_entry_p = create_proc_entry("stats",
05392 S_IFREG | S_IRUGO,
05393 proc_rsbac_root_p);
05394 if(!tmp_entry_p)
05395 return -RSBAC_ECOULDNOTADDITEM;
05396 tmp_entry_p->get_info = stats_proc_info;
05397
05398 tmp_entry_p = create_proc_entry("active",
05399 S_IFREG | S_IRUGO,
05400 proc_rsbac_root_p);
05401 if(!tmp_entry_p)
05402 return -RSBAC_ECOULDNOTADDITEM;
05403 tmp_entry_p->get_info = active_proc_info;
05404
05405 #ifdef CONFIG_RSBAC_XSTATS
05406 tmp_entry_p = create_proc_entry("xstats",
05407 S_IFREG | S_IRUGO,
05408 proc_rsbac_root_p);
05409 if(!tmp_entry_p)
05410 return -RSBAC_ECOULDNOTADDITEM;
05411 tmp_entry_p->get_info = xstats_proc_info;
05412 #endif
05413 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
05414 tmp_entry_p = create_proc_entry("auto_write",
05415 S_IFREG | S_IRUGO | S_IWUGO,
05416 proc_rsbac_root_p);
05417 if(!tmp_entry_p)
05418 return -RSBAC_ECOULDNOTADDITEM;
05419 tmp_entry_p->get_info = auto_write_proc_info;
05420 tmp_entry_p->write_proc = auto_write_proc_write;
05421 #endif
05422 tmp_entry_p = create_proc_entry("versions",
05423 S_IFREG | S_IRUGO,
05424 proc_rsbac_root_p);
05425 if(!tmp_entry_p)
05426 return -RSBAC_ECOULDNOTADDITEM;
05427 tmp_entry_p->get_info = versions_proc_info;
05428
05429 #ifdef CONFIG_RSBAC_NET_OBJ
05430 tmp_entry_p = create_proc_entry("net_temp",
05431 S_IFREG | S_IRUGO,
05432 proc_rsbac_root_p);
05433 if(!tmp_entry_p)
05434 return -RSBAC_ECOULDNOTADDITEM;
05435 tmp_entry_p->get_info = net_temp_proc_info;
05436 #endif
05437 #ifdef CONFIG_RSBAC_JAIL
05438 tmp_entry_p = create_proc_entry("jails",
05439 S_IFREG | S_IRUGO,
05440 proc_rsbac_root_p);
05441 if(!tmp_entry_p)
05442 return -RSBAC_ECOULDNOTADDITEM;
05443 tmp_entry_p->get_info = jail_proc_info;
05444 #endif
05445 #ifdef CONFIG_RSBAC_PAX
05446 tmp_entry_p = create_proc_entry("pax",
05447 S_IFREG | S_IRUGO,
05448 proc_rsbac_root_p);
05449 if(!tmp_entry_p)
05450 return -RSBAC_ECOULDNOTADDITEM;
05451 tmp_entry_p->get_info = pax_proc_info;
05452 #endif
05453
05454 return(0);
05455 }
05456
05457
05458
05459
05460
05461
05462
05463
05464
05465
05466
05467
05468
05469
05470
05471
05472
05473
05474
05475
05476
05477
05478
05479 #endif
05480
05481
05482
05483
05484
05485
05486
05487
05488
05489
05490
05491
05492
05493
05494
05495 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
05496 #ifdef CONFIG_RSBAC_INIT_DELAY
05497 int rsbac_init_daz(void);
05498 #else
05499 int __init rsbac_init_daz(void);
05500 #endif
05501 #endif
05502
05503 #ifdef CONFIG_RSBAC_INIT_DELAY
05504 static void registration_error(int err, char * listname)
05505 #else
05506 static void __init registration_error(int err, char * listname)
05507 #endif
05508 {
05509 if(err < 0)
05510 {
05511 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
05512
05513 if(tmp)
05514 {
05515 rsbac_printk(KERN_WARNING
05516 "rsbac_do_init(): Registering %s list failed with error %s\n",
05517 listname,
05518 get_error_name(tmp, err));
05519 rsbac_kfree(tmp);
05520 }
05521 }
05522 }
05523
05524 #ifdef CONFIG_RSBAC_INIT_DELAY
05525 static int register_dev_lists(void)
05526 #else
05527 static int __init register_dev_lists(void)
05528 #endif
05529 {
05530 int err = 0;
05531 struct rsbac_list_info_t * list_info_p;
05532
05533 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05534 if(!list_info_p)
05535 {
05536 return -ENOMEM;
05537 }
05538
05539 #ifdef CONFIG_RSBAC_DEBUG
05540 if (rsbac_debug_ds)
05541 {
05542 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering DEV lists\n");
05543 }
05544 #endif
05545 {
05546 struct rsbac_gen_dev_aci_t def_aci = DEFAULT_GEN_DEV_ACI;
05547
05548 list_info_p->version = RSBAC_GEN_DEV_ACI_VERSION;
05549 list_info_p->key = RSBAC_GEN_DEV_ACI_KEY;
05550 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05551 list_info_p->data_size = sizeof(struct rsbac_gen_dev_aci_t);
05552 list_info_p->max_age = 0;
05553 err = rsbac_list_register(RSBAC_LIST_VERSION,
05554 &dev_handles.gen,
05555 list_info_p,
05556 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05557 RSBAC_LIST_BACKUP |
05558 #endif
05559 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05560 dev_compare,
05561 gen_dev_get_conv,
05562 &def_aci,
05563 RSBAC_GEN_ACI_DEV_NAME,
05564 RSBAC_AUTO_DEV);
05565 if(err)
05566 {
05567 registration_error(err, "DEV General");
05568 }
05569 }
05570 #if defined(CONFIG_RSBAC_MAC)
05571 {
05572 struct rsbac_mac_dev_aci_t def_aci = DEFAULT_MAC_DEV_ACI;
05573
05574 list_info_p->version = RSBAC_MAC_DEV_ACI_VERSION;
05575 list_info_p->key = RSBAC_MAC_DEV_ACI_KEY;
05576 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05577 list_info_p->data_size = sizeof(struct rsbac_mac_dev_aci_t);
05578 list_info_p->max_age = 0;
05579 err = rsbac_list_register(RSBAC_LIST_VERSION,
05580 &dev_handles.mac,
05581 list_info_p,
05582 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05583 RSBAC_LIST_BACKUP |
05584 #endif
05585 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05586 dev_compare,
05587 mac_dev_get_conv,
05588 &def_aci,
05589 RSBAC_MAC_ACI_DEV_NAME,
05590 RSBAC_AUTO_DEV);
05591 if(err)
05592 {
05593 registration_error(err, "DEV MAC");
05594 }
05595 }
05596 #endif
05597 #if defined(CONFIG_RSBAC_PM)
05598 {
05599 struct rsbac_pm_dev_aci_t def_aci = DEFAULT_PM_DEV_ACI;
05600
05601 list_info_p->version = RSBAC_PM_DEV_ACI_VERSION;
05602 list_info_p->key = RSBAC_PM_DEV_ACI_KEY;
05603 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05604 list_info_p->data_size = sizeof(struct rsbac_pm_dev_aci_t);
05605 list_info_p->max_age = 0;
05606 err = rsbac_list_register(RSBAC_LIST_VERSION,
05607 &dev_handles.pm,
05608 list_info_p,
05609 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05610 RSBAC_LIST_BACKUP |
05611 #endif
05612 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05613 dev_compare,
05614 pm_dev_get_conv,
05615 &def_aci,
05616 RSBAC_PM_ACI_DEV_NAME,
05617 RSBAC_AUTO_DEV);
05618 if(err)
05619 {
05620 registration_error(err, "DEV PM");
05621 }
05622 }
05623 #endif
05624 #if defined(CONFIG_RSBAC_RC)
05625 {
05626 rsbac_rc_type_id_t def_major_aci = RSBAC_RC_GENERAL_TYPE;
05627 rsbac_rc_type_id_t def_aci = RC_type_inherit_parent;
05628
05629 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05630 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05631 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05632 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05633 list_info_p->max_age = 0;
05634 err = rsbac_list_register(RSBAC_LIST_VERSION,
05635 &dev_major_handles.rc,
05636 list_info_p,
05637 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05638 RSBAC_LIST_BACKUP |
05639 #endif
05640 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05641 dev_major_compare,
05642 rc_dev_get_conv,
05643 &def_major_aci,
05644 RSBAC_RC_ACI_DEV_MAJOR_NAME,
05645 RSBAC_AUTO_DEV);
05646 if(err)
05647 {
05648 registration_error(err, "DEV major RC");
05649 }
05650 list_info_p->version = RSBAC_RC_DEV_ACI_VERSION;
05651 list_info_p->key = RSBAC_RC_DEV_ACI_KEY;
05652 list_info_p->desc_size = sizeof(struct rsbac_dev_desc_t);
05653 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05654 list_info_p->max_age = 0;
05655 err = rsbac_list_register(RSBAC_LIST_VERSION,
05656 &dev_handles.rc,
05657 list_info_p,
05658 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05659 RSBAC_LIST_BACKUP |
05660 #endif
05661 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05662 dev_compare,
05663 rc_dev_get_conv,
05664 &def_aci,
05665 RSBAC_RC_ACI_DEV_NAME,
05666 RSBAC_AUTO_DEV);
05667 if(err)
05668 {
05669 registration_error(err, "DEV RC");
05670 }
05671 }
05672 #endif
05673
05674 rsbac_kfree(list_info_p);
05675 return err;
05676 }
05677
05678 #ifdef CONFIG_RSBAC_INIT_DELAY
05679 static int register_ipc_lists(void)
05680 #else
05681 static int __init register_ipc_lists(void)
05682 #endif
05683 {
05684 int err = 0;
05685 struct rsbac_list_info_t * list_info_p;
05686
05687 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05688 if(!list_info_p)
05689 {
05690 return -ENOMEM;
05691 }
05692
05693 #ifdef CONFIG_RSBAC_DEBUG
05694 if (rsbac_debug_ds)
05695 {
05696 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering IPC lists\n");
05697 }
05698 #endif
05699 #if defined(CONFIG_RSBAC_MAC)
05700 {
05701 struct rsbac_mac_ipc_aci_t def_aci = DEFAULT_MAC_IPC_ACI;
05702
05703 list_info_p->version = RSBAC_MAC_IPC_ACI_VERSION;
05704 list_info_p->key = RSBAC_MAC_IPC_ACI_KEY;
05705 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05706 list_info_p->data_size = sizeof(struct rsbac_mac_ipc_aci_t);
05707 list_info_p->max_age = 0;
05708 err = rsbac_list_register(RSBAC_LIST_VERSION,
05709 &ipc_handles.mac,
05710 list_info_p,
05711 RSBAC_LIST_DEF_DATA,
05712 ipc_compare,
05713 NULL,
05714 &def_aci,
05715 RSBAC_MAC_ACI_IPC_NAME,
05716 RSBAC_AUTO_DEV);
05717 if(err)
05718 {
05719 registration_error(err, "IPC MAC");
05720 }
05721 }
05722 #endif
05723 #if defined(CONFIG_RSBAC_PM)
05724 {
05725 struct rsbac_pm_ipc_aci_t def_aci = DEFAULT_PM_IPC_ACI;
05726
05727 list_info_p->version = RSBAC_PM_IPC_ACI_VERSION;
05728 list_info_p->key = RSBAC_PM_IPC_ACI_KEY;
05729 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05730 list_info_p->data_size = sizeof(struct rsbac_pm_ipc_aci_t);
05731 list_info_p->max_age = 0;
05732 err = rsbac_list_register(RSBAC_LIST_VERSION,
05733 &ipc_handles.pm,
05734 list_info_p,
05735 RSBAC_LIST_DEF_DATA,
05736 ipc_compare,
05737 NULL,
05738 &def_aci,
05739 RSBAC_PM_ACI_IPC_NAME,
05740 RSBAC_AUTO_DEV);
05741 if(err)
05742 {
05743 registration_error(err, "IPC PM");
05744 }
05745 }
05746 #endif
05747 #if defined(CONFIG_RSBAC_RC)
05748 {
05749 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
05750
05751 list_info_p->version = RSBAC_RC_IPC_ACI_VERSION;
05752 list_info_p->key = RSBAC_RC_IPC_ACI_KEY;
05753 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05754 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
05755 list_info_p->max_age = 0;
05756 err = rsbac_list_register(RSBAC_LIST_VERSION,
05757 &ipc_handles.rc,
05758 list_info_p,
05759 RSBAC_LIST_DEF_DATA,
05760 ipc_compare,
05761 NULL,
05762 &def_aci,
05763 RSBAC_RC_ACI_IPC_NAME,
05764 RSBAC_AUTO_DEV);
05765 if(err)
05766 {
05767 registration_error(err, "IPC RC");
05768 }
05769 }
05770 #endif
05771 #if defined(CONFIG_RSBAC_JAIL)
05772 {
05773 rsbac_jail_id_t def_aci = RSBAC_JAIL_DEF_ID;
05774
05775 list_info_p->version = RSBAC_JAIL_IPC_ACI_VERSION;
05776 list_info_p->key = RSBAC_JAIL_IPC_ACI_KEY;
05777 list_info_p->desc_size = sizeof(struct rsbac_ipc_t);
05778 list_info_p->data_size = sizeof(rsbac_jail_id_t);
05779 list_info_p->max_age = 0;
05780 err = rsbac_list_register(RSBAC_LIST_VERSION,
05781 &ipc_handles.jail,
05782 list_info_p,
05783 RSBAC_LIST_DEF_DATA,
05784 ipc_compare,
05785 NULL,
05786 &def_aci,
05787 RSBAC_JAIL_ACI_IPC_NAME,
05788 RSBAC_AUTO_DEV);
05789 if(err)
05790 {
05791 registration_error(err, "IPC JAIL");
05792 }
05793 }
05794 #endif
05795
05796 rsbac_kfree(list_info_p);
05797 return err;
05798 }
05799
05800 #ifdef CONFIG_RSBAC_INIT_DELAY
05801 static int register_user_lists(void)
05802 #else
05803 static int __init register_user_lists(void)
05804 #endif
05805 {
05806 int err = 0;
05807 struct rsbac_list_info_t * list_info_p;
05808
05809 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
05810 if(!list_info_p)
05811 {
05812 return -ENOMEM;
05813 }
05814
05815 #ifdef CONFIG_RSBAC_DEBUG
05816 if (rsbac_debug_ds)
05817 {
05818 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering USER lists\n");
05819 }
05820 #endif
05821
05822 {
05823 struct rsbac_gen_user_aci_t def_aci = DEFAULT_GEN_U_ACI;
05824
05825 list_info_p->version = RSBAC_GEN_USER_ACI_VERSION;
05826 list_info_p->key = RSBAC_GEN_USER_ACI_KEY;
05827 list_info_p->desc_size = sizeof(rsbac_uid_t);
05828 list_info_p->data_size = sizeof(struct rsbac_gen_user_aci_t);
05829 list_info_p->max_age = 0;
05830 err = rsbac_list_register(RSBAC_LIST_VERSION,
05831 &user_handles.gen,
05832 list_info_p,
05833 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05834 RSBAC_LIST_BACKUP |
05835 #endif
05836 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05837 rsbac_list_compare_u32,
05838 NULL,
05839 &def_aci,
05840 RSBAC_GEN_ACI_USER_NAME,
05841 RSBAC_AUTO_DEV);
05842 if(err)
05843 {
05844 registration_error(err, "USER General");
05845 }
05846 }
05847 #if defined(CONFIG_RSBAC_MAC)
05848 {
05849 struct rsbac_mac_user_aci_t def_aci = DEFAULT_MAC_U_ACI;
05850
05851 list_info_p->version = RSBAC_MAC_USER_ACI_VERSION;
05852 list_info_p->key = RSBAC_MAC_USER_ACI_KEY;
05853 list_info_p->desc_size = sizeof(rsbac_uid_t);
05854 list_info_p->data_size = sizeof(struct rsbac_mac_user_aci_t);
05855 list_info_p->max_age = 0;
05856 err = rsbac_list_register(RSBAC_LIST_VERSION,
05857 &user_handles.mac,
05858 list_info_p,
05859 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05860 RSBAC_LIST_BACKUP |
05861 #endif
05862 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05863 rsbac_list_compare_u32,
05864 mac_user_get_conv,
05865 &def_aci,
05866 RSBAC_MAC_ACI_USER_NAME,
05867 RSBAC_AUTO_DEV);
05868 if(err)
05869 {
05870 registration_error(err, "USER MAC");
05871 }
05872 else
05873 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.mac))
05874 {
05875 struct rsbac_mac_user_aci_t sysadm_aci = DEFAULT_MAC_U_SYSADM_ACI;
05876 struct rsbac_mac_user_aci_t secoff_aci = DEFAULT_MAC_U_SECOFF_ACI;
05877 struct rsbac_mac_user_aci_t auditor_aci = DEFAULT_MAC_U_AUDITOR_ACI;
05878 rsbac_uid_t user;
05879
05880 rsbac_printk(KERN_WARNING
05881 "rsbac_do_init(): USER MAC ACI could not be read - generating standard entries!\n");
05882 user = RSBAC_SYSADM_UID;
05883 if(rsbac_list_add(user_handles.mac, &user, &sysadm_aci))
05884 rsbac_printk(KERN_WARNING
05885 "rsbac_do_init(): SYSADM USER MAC entry could not be added!\n");
05886 user = RSBAC_SECOFF_UID;
05887 if(rsbac_list_add(user_handles.mac, &user, &secoff_aci))
05888 rsbac_printk(KERN_WARNING
05889 "rsbac_do_init(): SECOFF USER MAC entry could not be added!\n");
05890 user = RSBAC_AUDITOR_UID;
05891 if(rsbac_list_add(user_handles.mac, &user, &auditor_aci))
05892 rsbac_printk(KERN_WARNING
05893 "rsbac_do_init(): AUDITOR USER MAC entry could not be added!\n");
05894 }
05895 }
05896 #endif
05897 #if defined(CONFIG_RSBAC_PM)
05898 {
05899 struct rsbac_pm_user_aci_t def_aci = DEFAULT_PM_U_ACI;
05900
05901 list_info_p->version = RSBAC_PM_USER_ACI_VERSION;
05902 list_info_p->key = RSBAC_PM_USER_ACI_KEY;
05903 list_info_p->desc_size = sizeof(rsbac_uid_t);
05904 list_info_p->data_size = sizeof(struct rsbac_pm_user_aci_t);
05905 list_info_p->max_age = 0;
05906 err = rsbac_list_register(RSBAC_LIST_VERSION,
05907 &user_handles.pm,
05908 list_info_p,
05909 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05910 RSBAC_LIST_BACKUP |
05911 #endif
05912 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05913 rsbac_list_compare_u32,
05914 NULL,
05915 &def_aci,
05916 RSBAC_PM_ACI_USER_NAME,
05917 RSBAC_AUTO_DEV);
05918 if(err)
05919 {
05920 registration_error(err, "USER PM");
05921 }
05922 else
05923 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pm))
05924 {
05925 struct rsbac_pm_user_aci_t sysadm_aci = DEFAULT_PM_U_SYSADM_ACI;
05926 struct rsbac_pm_user_aci_t secoff_aci = DEFAULT_PM_U_SECOFF_ACI;
05927 struct rsbac_pm_user_aci_t dataprot_aci = DEFAULT_PM_U_DATAPROT_ACI;
05928 struct rsbac_pm_user_aci_t tpman_aci = DEFAULT_PM_U_TPMAN_ACI;
05929 rsbac_uid_t user;
05930
05931 rsbac_printk(KERN_WARNING
05932 "rsbac_do_init(): USER PM ACI could not be read - generating standard entries!\n");
05933 user = RSBAC_SYSADM_UID;
05934 if(rsbac_list_add(user_handles.pm, &user, &sysadm_aci))
05935 rsbac_printk(KERN_WARNING
05936 "rsbac_do_init(): SYSADM USER PM entry could not be added!\n");
05937 user = RSBAC_SECOFF_UID;
05938 if(rsbac_list_add(user_handles.pm, &user, &secoff_aci))
05939 rsbac_printk(KERN_WARNING
05940 "rsbac_do_init(): SECOFF USER PM entry could not be added!\n");
05941 user = RSBAC_DATAPROT_UID;
05942 if(rsbac_list_add(user_handles.pm, &user, &dataprot_aci))
05943 rsbac_printk(KERN_WARNING
05944 "rsbac_do_init(): DATAPROT USER PM entry could not be added!\n");
05945 user = RSBAC_TPMAN_UID;
05946 if(rsbac_list_add(user_handles.pm, &user, &tpman_aci))
05947 rsbac_printk(KERN_WARNING
05948 "rsbac_do_init(): TPMAN USER PM entry could not be added!\n");
05949 }
05950 }
05951 #endif
05952 #if defined(CONFIG_RSBAC_DAZ)
05953 {
05954 rsbac_system_role_int_t def_aci = SR_user;
05955
05956 list_info_p->version = RSBAC_DAZ_USER_ACI_VERSION;
05957 list_info_p->key = RSBAC_DAZ_USER_ACI_KEY;
05958 list_info_p->desc_size = sizeof(rsbac_uid_t);
05959 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
05960 list_info_p->max_age = 0;
05961 err = rsbac_list_register(RSBAC_LIST_VERSION,
05962 &user_handles.daz,
05963 list_info_p,
05964 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
05965 RSBAC_LIST_BACKUP |
05966 #endif
05967 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
05968 rsbac_list_compare_u32,
05969 NULL,
05970 &def_aci,
05971 RSBAC_DAZ_ACI_USER_NAME,
05972 RSBAC_AUTO_DEV);
05973 if(err)
05974 {
05975 registration_error(err, "USER DAZ");
05976 }
05977 else
05978 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.daz))
05979 {
05980 rsbac_uid_t user;
05981 rsbac_system_role_int_t role;
05982
05983 rsbac_printk(KERN_WARNING
05984 "rsbac_do_init(): USER DAZ ACI could not be read - generating standard entries!\n");
05985 user = RSBAC_SYSADM_UID;
05986 role = SR_administrator;
05987 if(rsbac_list_add(user_handles.daz, &user, &role))
05988 rsbac_printk(KERN_WARNING
05989 "rsbac_do_init(): SYSADM USER DAZ entry could not be added!\n");
05990 user = RSBAC_SECOFF_UID;
05991 role = SR_security_officer;
05992 if(rsbac_list_add(user_handles.daz, &user, &role))
05993 rsbac_printk(KERN_WARNING
05994 "rsbac_do_init(): SECOFF USER DAZ entry could not be added!\n");
05995 }
05996 }
05997 #endif
05998 #if defined(CONFIG_RSBAC_FF)
05999 {
06000 rsbac_system_role_int_t def_aci = SR_user;
06001
06002 list_info_p->version = RSBAC_FF_USER_ACI_VERSION;
06003 list_info_p->key = RSBAC_FF_USER_ACI_KEY;
06004 list_info_p->desc_size = sizeof(rsbac_uid_t);
06005 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06006 list_info_p->max_age = 0;
06007 err = rsbac_list_register(RSBAC_LIST_VERSION,
06008 &user_handles.ff,
06009 list_info_p,
06010 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06011 RSBAC_LIST_BACKUP |
06012 #endif
06013 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06014 rsbac_list_compare_u32,
06015 NULL,
06016 &def_aci,
06017 RSBAC_FF_ACI_USER_NAME,
06018 RSBAC_AUTO_DEV);
06019 if(err)
06020 {
06021 registration_error(err, "USER FF");
06022 }
06023 else
06024 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.ff))
06025 {
06026 rsbac_uid_t user;
06027 rsbac_system_role_int_t role;
06028
06029 rsbac_printk(KERN_WARNING
06030 "rsbac_do_init(): USER FF ACI could not be read - generating standard entries!\n");
06031 user = RSBAC_SYSADM_UID;
06032 role = SR_administrator;
06033 if(rsbac_list_add(user_handles.ff, &user, &role))
06034 rsbac_printk(KERN_WARNING
06035 "rsbac_do_init(): SYSADM USER FF entry could not be added!\n");
06036 user = RSBAC_SECOFF_UID;
06037 role = SR_security_officer;
06038 if(rsbac_list_add(user_handles.ff, &user, &role))
06039 rsbac_printk(KERN_WARNING
06040 "rsbac_do_init(): SECOFF USER FF entry could not be added!\n");
06041 user = RSBAC_AUDITOR_UID;
06042 role = SR_auditor;
06043 if(rsbac_list_add(user_handles.ff, &user, &role))
06044 rsbac_printk(KERN_WARNING
06045 "rsbac_do_init(): AUDITOR USER FF entry could not be added!\n");
06046 }
06047 }
06048 #endif
06049 #if defined(CONFIG_RSBAC_RC)
06050 {
06051 struct rsbac_rc_user_aci_t def_aci = DEFAULT_RC_U_ACI;
06052
06053 list_info_p->version = RSBAC_RC_USER_ACI_VERSION;
06054 list_info_p->key = RSBAC_RC_USER_ACI_KEY;
06055 list_info_p->desc_size = sizeof(rsbac_uid_t);
06056 list_info_p->data_size = sizeof(struct rsbac_rc_user_aci_t);
06057 list_info_p->max_age = 0;
06058 err = rsbac_list_register(RSBAC_LIST_VERSION,
06059 &user_handles.rc,
06060 list_info_p,
06061 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06062 RSBAC_LIST_BACKUP |
06063 #endif
06064 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06065 rsbac_list_compare_u32,
06066 rc_user_get_conv,
06067 &def_aci,
06068 RSBAC_RC_ACI_USER_NAME,
06069 RSBAC_AUTO_DEV);
06070 if(err)
06071 {
06072 registration_error(err, "USER RC");
06073 }
06074 else
06075 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.rc))
06076 {
06077 rsbac_uid_t user;
06078 struct rsbac_rc_user_aci_t sysadm_aci = DEFAULT_RC_U_SYSADM_ACI;
06079 struct rsbac_rc_user_aci_t secoff_aci = DEFAULT_RC_U_SECOFF_ACI;
06080 struct rsbac_rc_user_aci_t auditor_aci = DEFAULT_RC_U_AUDITOR_ACI;
06081
06082 rsbac_printk(KERN_WARNING
06083 "rsbac_do_init(): USER RC ACI could not be read - generating standard entries!\n");
06084 user = RSBAC_SYSADM_UID;
06085 if(rsbac_list_add(user_handles.rc, &user, &sysadm_aci))
06086 rsbac_printk(KERN_WARNING
06087 "rsbac_do_init(): SYSADM USER RC entry could not be added!\n");
06088 user = RSBAC_SECOFF_UID;
06089 if(rsbac_list_add(user_handles.rc, &user, &secoff_aci))
06090 rsbac_printk(KERN_WARNING
06091 "rsbac_do_init(): SECOFF USER RC entry could not be added!\n");
06092 user = RSBAC_AUDITOR_UID;
06093 if(rsbac_list_add(user_handles.rc, &user, &auditor_aci))
06094 rsbac_printk(KERN_WARNING
06095 "rsbac_do_init(): AUDITOR USER RC entry could not be added!\n");
06096 }
06097 }
06098 #endif
06099 #if defined(CONFIG_RSBAC_AUTH)
06100 {
06101 rsbac_system_role_int_t def_aci = SR_user;
06102
06103 list_info_p->version = RSBAC_AUTH_USER_ACI_VERSION;
06104 list_info_p->key = RSBAC_AUTH_USER_ACI_KEY;
06105 list_info_p->desc_size = sizeof(rsbac_uid_t);
06106 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06107 list_info_p->max_age = 0;
06108 err = rsbac_list_register(RSBAC_LIST_VERSION,
06109 &user_handles.auth,
06110 list_info_p,
06111 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06112 RSBAC_LIST_BACKUP |
06113 #endif
06114 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06115 rsbac_list_compare_u32,
06116 NULL,
06117 &def_aci,
06118 RSBAC_AUTH_ACI_USER_NAME,
06119 RSBAC_AUTO_DEV);
06120 if(err)
06121 {
06122 registration_error(err, "USER AUTH");
06123 }
06124 else
06125 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.auth))
06126 {
06127 rsbac_uid_t user;
06128 rsbac_system_role_int_t role;
06129
06130 rsbac_printk(KERN_WARNING
06131 "rsbac_do_init(): USER AUTH ACI could not be read - generating standard entries!\n");
06132 user = RSBAC_SYSADM_UID;
06133 role = SR_administrator;
06134 if(rsbac_list_add(user_handles.auth, &user, &role))
06135 rsbac_printk(KERN_WARNING
06136 "rsbac_do_init(): SYSADM USER AUTH entry could not be added!\n");
06137 user = RSBAC_SECOFF_UID;
06138 role = SR_security_officer;
06139 if(rsbac_list_add(user_handles.auth, &user, &role))
06140 rsbac_printk(KERN_WARNING
06141 "rsbac_do_init(): SECOFF USER AUTH entry could not be added!\n");
06142 user = RSBAC_AUDITOR_UID;
06143 role = SR_auditor;
06144 if(rsbac_list_add(user_handles.auth, &user, &role))
06145 rsbac_printk(KERN_WARNING
06146 "rsbac_do_init(): AUDITOR USER AUTH entry could not be added!\n");
06147 }
06148 }
06149 #endif
06150 #if defined(CONFIG_RSBAC_CAP)
06151 {
06152 struct rsbac_cap_user_aci_t def_aci = DEFAULT_CAP_U_ACI;
06153
06154 list_info_p->version = RSBAC_CAP_USER_ACI_VERSION;
06155 list_info_p->key = RSBAC_CAP_USER_ACI_KEY;
06156 list_info_p->desc_size = sizeof(rsbac_uid_t);
06157 list_info_p->data_size = sizeof(struct rsbac_cap_user_aci_t);
06158 list_info_p->max_age = 0;
06159 err = rsbac_list_register(RSBAC_LIST_VERSION,
06160 &user_handles.cap,
06161 list_info_p,
06162 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06163 RSBAC_LIST_BACKUP |
06164 #endif
06165 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06166 rsbac_list_compare_u32,
06167 NULL,
06168 &def_aci,
06169 RSBAC_CAP_ACI_USER_NAME,
06170 RSBAC_AUTO_DEV);
06171 if(err)
06172 {
06173 registration_error(err, "USER CAP");
06174 }
06175 else
06176 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.cap))
06177 {
06178 struct rsbac_cap_user_aci_t sysadm_aci = DEFAULT_CAP_U_SYSADM_ACI;
06179 struct rsbac_cap_user_aci_t secoff_aci = DEFAULT_CAP_U_SECOFF_ACI;
06180 struct rsbac_cap_user_aci_t auditor_aci = DEFAULT_CAP_U_AUDITOR_ACI;
06181 rsbac_uid_t user;
06182
06183 rsbac_printk(KERN_WARNING
06184 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06185 rsbac_printk(KERN_WARNING
06186 "rsbac_do_init(): USER CAP ACI could not be read - generating standard entries!\n");
06187 user = RSBAC_SYSADM_UID;
06188 if(rsbac_list_add(user_handles.cap, &user, &sysadm_aci))
06189 rsbac_printk(KERN_WARNING
06190 "rsbac_do_init(): SYSADM USER CAP entry could not be added!\n");
06191 user = RSBAC_SECOFF_UID;
06192 if(rsbac_list_add(user_handles.cap, &user, &secoff_aci))
06193 rsbac_printk(KERN_WARNING
06194 "rsbac_do_init(): SECOFF USER CAP entry could not be added!\n");
06195 user = RSBAC_AUDITOR_UID;
06196 if(rsbac_list_add(user_handles.cap, &user, &auditor_aci))
06197 rsbac_printk(KERN_WARNING
06198 "rsbac_do_init(): AUDITOR USER CAP entry could not be added!\n");
06199 }
06200 }
06201 #endif
06202 #if defined(CONFIG_RSBAC_JAIL)
06203 {
06204 rsbac_system_role_int_t def_aci = SR_user;
06205
06206 list_info_p->version = RSBAC_JAIL_USER_ACI_VERSION;
06207 list_info_p->key = RSBAC_JAIL_USER_ACI_KEY;
06208 list_info_p->desc_size = sizeof(rsbac_uid_t);
06209 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06210 list_info_p->max_age = 0;
06211 err = rsbac_list_register(RSBAC_LIST_VERSION,
06212 &user_handles.jail,
06213 list_info_p,
06214 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06215 RSBAC_LIST_BACKUP |
06216 #endif
06217 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06218 rsbac_list_compare_u32,
06219 NULL,
06220 &def_aci,
06221 RSBAC_JAIL_ACI_USER_NAME,
06222 RSBAC_AUTO_DEV);
06223 if(err)
06224 {
06225 registration_error(err, "USER JAIL");
06226 }
06227 else
06228 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.jail))
06229 {
06230 rsbac_uid_t user;
06231 rsbac_system_role_int_t role;
06232
06233 rsbac_printk(KERN_WARNING
06234 "rsbac_do_init(): USER JAIL ACI could not be read - generating standard entries!\n");
06235 user = RSBAC_SYSADM_UID;
06236 role = SR_administrator;
06237 if(rsbac_list_add(user_handles.jail, &user, &role))
06238 rsbac_printk(KERN_WARNING
06239 "rsbac_do_init(): SYSADM USER JAIL entry could not be added!\n");
06240 user = RSBAC_SECOFF_UID;
06241 role = SR_security_officer;
06242 if(rsbac_list_add(user_handles.jail, &user, &role))
06243 rsbac_printk(KERN_WARNING
06244 "rsbac_do_init(): SECOFF USER JAIL entry could not be added!\n");
06245 }
06246 }
06247 #endif
06248 #if defined(CONFIG_RSBAC_RES)
06249 {
06250 list_info_p->version = RSBAC_RES_USER_ACI_VERSION;
06251 list_info_p->key = RSBAC_RES_USER_ACI_KEY;
06252 list_info_p->desc_size = sizeof(rsbac_uid_t);
06253 list_info_p->data_size = sizeof(struct rsbac_res_user_aci_t);
06254 list_info_p->max_age = 0;
06255 err = rsbac_list_register(RSBAC_LIST_VERSION,
06256 &user_handles.res,
06257 list_info_p,
06258 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06259 RSBAC_LIST_BACKUP |
06260 #endif
06261 RSBAC_LIST_PERSIST,
06262 rsbac_list_compare_u32,
06263 NULL,
06264 NULL,
06265 RSBAC_RES_ACI_USER_NAME,
06266 RSBAC_AUTO_DEV);
06267 if(err)
06268 {
06269 registration_error(err, "USER RES");
06270 }
06271 else
06272 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.res))
06273 {
06274 struct rsbac_res_user_aci_t sysadm_aci = DEFAULT_RES_U_SYSADM_ACI;
06275 struct rsbac_res_user_aci_t secoff_aci = DEFAULT_RES_U_SECOFF_ACI;
06276 rsbac_uid_t user;
06277
06278 rsbac_printk(KERN_WARNING
06279 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06280 rsbac_printk(KERN_WARNING
06281 "rsbac_do_init(): USER RES ACI could not be read - generating standard entries!\n");
06282 user = RSBAC_SYSADM_UID;
06283 if(rsbac_list_add(user_handles.res, &user, &sysadm_aci))
06284 rsbac_printk(KERN_WARNING
06285 "rsbac_do_init(): SYSADM USER RES entry could not be added!\n");
06286 user = RSBAC_SECOFF_UID;
06287 if(rsbac_list_add(user_handles.res, &user, &secoff_aci))
06288 rsbac_printk(KERN_WARNING
06289 "rsbac_do_init(): SECOFF USER RES entry could not be added!\n");
06290 }
06291 }
06292 #endif
06293 #if defined(CONFIG_RSBAC_PAX)
06294 {
06295 rsbac_system_role_int_t def_aci = SR_user;
06296
06297 list_info_p->version = RSBAC_PAX_USER_ACI_VERSION;
06298 list_info_p->key = RSBAC_PAX_USER_ACI_KEY;
06299 list_info_p->desc_size = sizeof(rsbac_uid_t);
06300 list_info_p->data_size = sizeof(rsbac_system_role_int_t);
06301 list_info_p->max_age = 0;
06302 err = rsbac_list_register(RSBAC_LIST_VERSION,
06303 &user_handles.pax,
06304 list_info_p,
06305 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06306 RSBAC_LIST_BACKUP |
06307 #endif
06308 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06309 rsbac_list_compare_u32,
06310 NULL,
06311 &def_aci,
06312 RSBAC_PAX_ACI_USER_NAME,
06313 RSBAC_AUTO_DEV);
06314 if(err)
06315 {
06316 registration_error(err, "USER PAX");
06317 }
06318 else
06319 if(!rsbac_no_defaults && !rsbac_list_count(user_handles.pax))
06320 {
06321 rsbac_uid_t user;
06322 rsbac_system_role_int_t role;
06323
06324 rsbac_printk(KERN_WARNING
06325 "rsbac_do_init(): USER PAX ACI could not be read - generating standard entries!\n");
06326 user = RSBAC_SYSADM_UID;
06327 role = SR_administrator;
06328 if(rsbac_list_add(user_handles.pax, &user, &role))
06329 rsbac_printk(KERN_WARNING
06330 "rsbac_do_init(): SYSADM USER PAX entry could not be added!\n");
06331 user = RSBAC_SECOFF_UID;
06332 role = SR_security_officer;
06333 if(rsbac_list_add(user_handles.pax, &user, &role))
06334 rsbac_printk(KERN_WARNING
06335 "rsbac_do_init(): SECOFF USER PAX entry could not be added!\n");
06336 }
06337 }
06338 #endif
06339
06340 rsbac_kfree(list_info_p);
06341 return err;
06342 }
06343
06344 #ifdef CONFIG_RSBAC_INIT_DELAY
06345 static int register_process_lists(void)
06346 #else
06347 static int __init register_process_lists(void)
06348 #endif
06349 {
06350 int err = 0;
06351 struct rsbac_list_info_t * list_info_p;
06352
06353 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06354 if(!list_info_p)
06355 {
06356 return -ENOMEM;
06357 }
06358
06359 #ifdef CONFIG_RSBAC_DEBUG
06360 if (rsbac_debug_ds)
06361 {
06362 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering PROCESS lists\n");
06363 }
06364 #endif
06365 {
06366 struct rsbac_gen_process_aci_t def_aci = DEFAULT_GEN_P_ACI;
06367 char name[RSBAC_MAXNAMELEN];
06368 int i;
06369
06370 list_info_p->version = RSBAC_GEN_PROCESS_ACI_VERSION;
06371 list_info_p->key = RSBAC_GEN_PROCESS_ACI_KEY;
06372 list_info_p->desc_size = sizeof(rsbac_pid_t);
06373 list_info_p->data_size = sizeof(struct rsbac_gen_process_aci_t);
06374 list_info_p->max_age = 0;
06375 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
06376 {
06377 sprintf(name, "%s%u", RSBAC_GEN_ACI_PROCESS_NAME, i);
06378 err = rsbac_list_register(RSBAC_LIST_VERSION,
06379 &process_handles.gen[i],
06380 list_info_p,
06381 RSBAC_LIST_DEF_DATA,
06382 rsbac_list_compare_u32,
06383 NULL,
06384 &def_aci,
06385 name,
06386 RSBAC_AUTO_DEV);
06387 if(err)
06388 {
06389 registration_error(err, "PROCESS GEN");
06390 }
06391 }
06392 }
06393 #if defined(CONFIG_RSBAC_MAC)
06394 {
06395 struct rsbac_mac_process_aci_t def_aci = DEFAULT_MAC_P_ACI;
06396 char name[RSBAC_MAXNAMELEN];
06397 int i;
06398
06399 list_info_p->version = RSBAC_MAC_PROCESS_ACI_VERSION;
06400 list_info_p->key = RSBAC_MAC_PROCESS_ACI_KEY;
06401 list_info_p->desc_size = sizeof(rsbac_pid_t);
06402 list_info_p->data_size = sizeof(struct rsbac_mac_process_aci_t);
06403 list_info_p->max_age = 0;
06404 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
06405 {
06406 sprintf(name, "%s%u", RSBAC_MAC_ACI_PROCESS_NAME, i);
06407
06408 err = rsbac_list_register(RSBAC_LIST_VERSION,
06409 &process_handles.mac[i],
06410 list_info_p,
06411 RSBAC_LIST_DEF_DATA,
06412 rsbac_list_compare_u32,
06413 NULL,
06414 &def_aci,
06415 name,
06416 RSBAC_AUTO_DEV);
06417 if(err)
06418 {
06419 registration_error(err, "PROCESS MAC");
06420 }
06421 }
06422 }
06423 #endif
06424 #if defined(CONFIG_RSBAC_PM)
06425 {
06426 struct rsbac_pm_process_aci_t def_aci = DEFAULT_PM_P_ACI;
06427
06428 list_info_p->version = RSBAC_PM_PROCESS_ACI_VERSION;
06429 list_info_p->key = RSBAC_PM_PROCESS_ACI_KEY;
06430 list_info_p->desc_size = sizeof(rsbac_pid_t);
06431 list_info_p->data_size = sizeof(struct rsbac_pm_process_aci_t);
06432 list_info_p->max_age = 0;
06433 err = rsbac_list_register(RSBAC_LIST_VERSION,
06434 &process_handles.pm,
06435 list_info_p,
06436 RSBAC_LIST_DEF_DATA,
06437 rsbac_list_compare_u32,
06438 NULL,
06439 &def_aci,
06440 RSBAC_PM_ACI_PROCESS_NAME,
06441 RSBAC_AUTO_DEV);
06442 if(err)
06443 {
06444 registration_error(err, "PROCESS PM");
06445 }
06446 }
06447 #endif
06448 #if defined(CONFIG_RSBAC_DAZ)
06449 {
06450 struct rsbac_daz_process_aci_t def_aci = DEFAULT_DAZ_P_ACI;
06451
06452 list_info_p->version = RSBAC_DAZ_PROCESS_ACI_VERSION;
06453 list_info_p->key = RSBAC_DAZ_PROCESS_ACI_KEY;
06454 list_info_p->desc_size = sizeof(rsbac_pid_t);
06455 list_info_p->data_size = sizeof(struct rsbac_daz_process_aci_t);
06456 list_info_p->max_age = 0;
06457 err = rsbac_list_register(RSBAC_LIST_VERSION,
06458 &process_handles.daz,
06459 list_info_p,
06460 RSBAC_LIST_DEF_DATA,
06461 rsbac_list_compare_u32,
06462 NULL,
06463 &def_aci,
06464 RSBAC_DAZ_ACI_PROCESS_NAME,
06465 RSBAC_AUTO_DEV);
06466 if(err)
06467 {
06468 registration_error(err, "PROCESS DAZ");
06469 }
06470 }
06471 #endif
06472 #if defined(CONFIG_RSBAC_RC)
06473 {
06474 struct rsbac_rc_process_aci_t def_aci = DEFAULT_RC_P_ACI;
06475 char name[RSBAC_MAXNAMELEN];
06476 int i;
06477
06478 list_info_p->version = RSBAC_RC_PROCESS_ACI_VERSION;
06479 list_info_p->key = RSBAC_RC_PROCESS_ACI_KEY;
06480 list_info_p->desc_size = sizeof(rsbac_pid_t);
06481 list_info_p->data_size = sizeof(struct rsbac_rc_process_aci_t);
06482 list_info_p->max_age = 0;
06483 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
06484 {
06485 sprintf(name, "%s%u", RSBAC_RC_ACI_PROCESS_NAME, i);
06486 err = rsbac_list_register(RSBAC_LIST_VERSION,
06487 &process_handles.rc[i],
06488 list_info_p,
06489 RSBAC_LIST_DEF_DATA,
06490 rsbac_list_compare_u32,
06491 NULL,
06492 &def_aci,
06493 name,
06494 RSBAC_AUTO_DEV);
06495 if(err)
06496 {
06497 registration_error(err, "PROCESS RC");
06498 }
06499 }
06500 }
06501 #endif
06502 #if defined(CONFIG_RSBAC_AUTH)
06503 {
06504 struct rsbac_auth_process_aci_t def_aci = DEFAULT_AUTH_P_ACI;
06505
06506 list_info_p->version = RSBAC_AUTH_PROCESS_ACI_VERSION;
06507 list_info_p->key = RSBAC_AUTH_PROCESS_ACI_KEY;
06508 list_info_p->desc_size = sizeof(rsbac_pid_t);
06509 list_info_p->data_size = sizeof(struct rsbac_auth_process_aci_t);
06510 list_info_p->max_age = 0;
06511 err = rsbac_list_register(RSBAC_LIST_VERSION,
06512 &process_handles.auth,
06513 list_info_p,
06514 RSBAC_LIST_DEF_DATA,
06515 rsbac_list_compare_u32,
06516 NULL,
06517 &def_aci,
06518 RSBAC_AUTH_ACI_PROCESS_NAME,
06519 RSBAC_AUTO_DEV);
06520 if(err)
06521 {
06522 registration_error(err, "PROCESS AUTH");
06523 }
06524 }
06525 #endif
06526 #if defined(CONFIG_RSBAC_CAP)
06527 {
06528 struct rsbac_cap_process_aci_t def_aci = DEFAULT_CAP_P_ACI;
06529
06530 #if defined(CONFIG_RSBAC_CAP_PROC_HIDE)
06531 if(rsbac_cap_process_hiding)
06532 def_aci.cap_process_hiding = PH_from_other_users;
06533 #endif
06534 list_info_p->version = RSBAC_CAP_PROCESS_ACI_VERSION;
06535 list_info_p->key = RSBAC_CAP_PROCESS_ACI_KEY;
06536 list_info_p->desc_size = sizeof(rsbac_pid_t);
06537 list_info_p->data_size = sizeof(struct rsbac_cap_process_aci_t);
06538 list_info_p->max_age = 0;
06539 err = rsbac_list_register(RSBAC_LIST_VERSION,
06540 &process_handles.cap,
06541 list_info_p,
06542 RSBAC_LIST_DEF_DATA,
06543 rsbac_list_compare_u32,
06544 NULL,
06545 &def_aci,
06546 RSBAC_CAP_ACI_PROCESS_NAME,
06547 RSBAC_AUTO_DEV);
06548 if(err)
06549 {
06550 registration_error(err, "PROCESS CAP");
06551 }
06552 }
06553 #endif
06554 #if defined(CONFIG_RSBAC_JAIL)
06555 {
06556 struct rsbac_jail_process_aci_t def_aci = DEFAULT_JAIL_P_ACI;
06557 char name[RSBAC_MAXNAMELEN];
06558 int i;
06559
06560 list_info_p->version = RSBAC_JAIL_PROCESS_ACI_VERSION;
06561 list_info_p->key = RSBAC_JAIL_PROCESS_ACI_KEY;
06562 list_info_p->desc_size = sizeof(rsbac_pid_t);
06563 list_info_p->data_size = sizeof(struct rsbac_jail_process_aci_t);
06564 list_info_p->max_age = 0;
06565 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
06566 {
06567 sprintf(name, "%s%u", RSBAC_JAIL_ACI_PROCESS_NAME, i);
06568 err = rsbac_list_register(RSBAC_LIST_VERSION,
06569 &process_handles.jail[i],
06570 list_info_p,
06571 RSBAC_LIST_DEF_DATA,
06572 rsbac_list_compare_u32,
06573 NULL,
06574 &def_aci,
06575 name,
06576 RSBAC_AUTO_DEV);
06577 if(err)
06578 {
06579 registration_error(err, "PROCESS JAIL");
06580 }
06581 }
06582 }
06583 #endif
06584
06585 rsbac_kfree(list_info_p);
06586 return err;
06587 }
06588
06589 #ifdef CONFIG_RSBAC_UM
06590 #ifdef CONFIG_RSBAC_INIT_DELAY
06591 static int register_group_lists(void)
06592 #else
06593 static int __init register_group_lists(void)
06594 #endif
06595 {
06596 int err = 0;
06597 struct rsbac_list_info_t * list_info_p;
06598
06599 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06600 if(!list_info_p)
06601 {
06602 return -ENOMEM;
06603 }
06604
06605 #ifdef CONFIG_RSBAC_DEBUG
06606 if (rsbac_debug_ds)
06607 {
06608 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering GROUP lists\n");
06609 }
06610 #endif
06611 #if defined(CONFIG_RSBAC_RC_UM_PROT)
06612 {
06613 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06614
06615 list_info_p->version = RSBAC_RC_GROUP_ACI_VERSION;
06616 list_info_p->key = RSBAC_RC_GROUP_ACI_KEY;
06617 list_info_p->desc_size = sizeof(rsbac_gid_t);
06618 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06619 list_info_p->max_age = 0;
06620 err = rsbac_list_register(RSBAC_LIST_VERSION,
06621 &group_handles.rc,
06622 list_info_p,
06623 #ifdef CONFIG_RSBAC_DEV_USER_BACKUP
06624 RSBAC_LIST_BACKUP |
06625 #endif
06626 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06627 NULL,
06628 NULL,
06629 &def_aci,
06630 RSBAC_RC_ACI_GROUP_NAME,
06631 RSBAC_AUTO_DEV);
06632 if(err)
06633 {
06634 registration_error(err, "GROUP RC");
06635 }
06636 }
06637 #endif
06638
06639 rsbac_kfree(list_info_p);
06640 return err;
06641 }
06642 #endif
06643
06644 #ifdef CONFIG_RSBAC_NET_DEV
06645 #ifdef CONFIG_RSBAC_INIT_DELAY
06646 static int register_netdev_lists(void)
06647 #else
06648 static int __init register_netdev_lists(void)
06649 #endif
06650 {
06651 int err = 0;
06652 struct rsbac_list_info_t * list_info_p;
06653
06654 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06655 if(!list_info_p)
06656 {
06657 return -ENOMEM;
06658 }
06659
06660 #ifdef CONFIG_RSBAC_DEBUG
06661 if (rsbac_debug_ds)
06662 {
06663 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETDEV lists\n");
06664 }
06665 #endif
06666 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
06667 {
06668 struct rsbac_gen_netdev_aci_t def_aci = DEFAULT_GEN_NETDEV_ACI;
06669
06670 list_info_p->version = RSBAC_GEN_NETDEV_ACI_VERSION;
06671 list_info_p->key = RSBAC_GEN_NETDEV_ACI_KEY;
06672 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06673 list_info_p->data_size = sizeof(struct rsbac_gen_netdev_aci_t);
06674 list_info_p->max_age = 0;
06675 err = rsbac_list_register(RSBAC_LIST_VERSION,
06676 &netdev_handles.gen,
06677 list_info_p,
06678 RSBAC_LIST_BACKUP |
06679 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06680 netdev_compare,
06681 NULL,
06682 &def_aci,
06683 RSBAC_GEN_ACI_NETDEV_NAME,
06684 RSBAC_AUTO_DEV);
06685 if(err)
06686 {
06687 registration_error(err, "NETDEV General");
06688 }
06689 }
06690 #endif
06691 #if defined(CONFIG_RSBAC_RC)
06692 {
06693 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
06694
06695 list_info_p->version = RSBAC_RC_NETDEV_ACI_VERSION;
06696 list_info_p->key = RSBAC_RC_NETDEV_ACI_KEY;
06697 list_info_p->desc_size = sizeof(rsbac_netdev_id_t);
06698 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
06699 list_info_p->max_age = 0;
06700 err = rsbac_list_register(RSBAC_LIST_VERSION,
06701 &netdev_handles.rc,
06702 list_info_p,
06703 RSBAC_LIST_BACKUP |
06704 RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06705 netdev_compare,
06706 NULL,
06707 &def_aci,
06708 RSBAC_RC_ACI_NETDEV_NAME,
06709 RSBAC_AUTO_DEV);
06710 if(err)
06711 {
06712 registration_error(err, "NETDEV RC");
06713 }
06714 }
06715 #endif
06716
06717 rsbac_kfree(list_info_p);
06718 return err;
06719 }
06720 #endif
06721
06722 #ifdef CONFIG_RSBAC_NET_OBJ
06723 #ifdef CONFIG_RSBAC_INIT_DELAY
06724 static void fill_default_nettemp_1(void)
06725 #else
06726 static void __init fill_default_nettemp_1(void)
06727 #endif
06728 {
06729 rsbac_net_temp_id_t id;
06730 struct rsbac_net_temp_data_t unix_data = RSBAC_NET_TEMP_UNIX_DATA;
06731 struct rsbac_net_temp_data_t lnet_data = RSBAC_NET_TEMP_LNET_DATA;
06732 struct rsbac_net_temp_data_t lan_data = RSBAC_NET_TEMP_LAN_DATA;
06733
06734 id = RSBAC_NET_TEMP_UNIX_ID;
06735 rsbac_list_add(net_temp_handle, &id, &unix_data);
06736 id = RSBAC_NET_TEMP_LNET_ID;
06737 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LNET_ADDRESS, (__u32 *) lnet_data.address);
06738 rsbac_list_add(net_temp_handle, &id, &lnet_data);
06739 id = RSBAC_NET_TEMP_LAN_ID;
06740 rsbac_net_str_to_inet(RSBAC_NET_TEMP_LAN_ADDRESS, (__u32 *) lan_data.address);
06741 rsbac_list_add(net_temp_handle, &id, &lan_data);
06742 }
06743 #ifdef CONFIG_RSBAC_INIT_DELAY
06744 static void fill_default_nettemp_2(void)
06745 #else
06746 static void __init fill_default_nettemp_2(void)
06747 #endif
06748 {
06749 rsbac_net_temp_id_t id;
06750 struct rsbac_net_temp_data_t auto_data = RSBAC_NET_TEMP_AUTO_DATA;
06751 struct rsbac_net_temp_data_t inet_data = RSBAC_NET_TEMP_INET_DATA;
06752 struct rsbac_net_temp_data_t all_data = RSBAC_NET_TEMP_ALL_DATA;
06753
06754 id = RSBAC_NET_TEMP_AUTO_ID;
06755 rsbac_net_str_to_inet(RSBAC_NET_TEMP_AUTO_ADDRESS, (__u32 *) auto_data.address);
06756 rsbac_list_add(net_temp_handle, &id, &auto_data);
06757 id = RSBAC_NET_TEMP_INET_ID;
06758 rsbac_list_add(net_temp_handle, &id, &inet_data);
06759 id = RSBAC_NET_TEMP_ALL_ID;
06760 rsbac_list_add(net_temp_handle, &id, &all_data);
06761 }
06762
06763 #ifdef CONFIG_RSBAC_INIT_DELAY
06764 static int register_nettemp_list(void)
06765 #else
06766 static int __init register_nettemp_list(void)
06767 #endif
06768 {
06769 int err = 0;
06770 struct rsbac_list_info_t * list_info_p;
06771
06772 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06773 if(!list_info_p)
06774 {
06775 return -ENOMEM;
06776 }
06777
06778 #ifdef CONFIG_RSBAC_DEBUG
06779 if (rsbac_debug_ds)
06780 {
06781 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering network template list\n");
06782 }
06783 #endif
06784 list_info_p->version = RSBAC_NET_TEMP_VERSION;
06785 list_info_p->key = RSBAC_NET_TEMP_KEY;
06786 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06787 list_info_p->data_size = sizeof(struct rsbac_net_temp_data_t);
06788 list_info_p->max_age = 0;
06789 err = rsbac_list_register(RSBAC_LIST_VERSION,
06790 &net_temp_handle,
06791 list_info_p,
06792 RSBAC_LIST_BACKUP |
06793 RSBAC_LIST_PERSIST,
06794 rsbac_list_compare_u32,
06795 NULL,
06796 NULL,
06797 RSBAC_NET_TEMP_NAME,
06798 RSBAC_AUTO_DEV);
06799 if(err)
06800 {
06801 registration_error(err, "Network Template");
06802 }
06803 else
06804 if(!rsbac_no_defaults && !rsbac_list_count(net_temp_handle))
06805 {
06806 rsbac_printk(KERN_WARNING
06807 "rsbac_do_init(): Network Templates could not be read - generating standard entries!\n");
06808 fill_default_nettemp_1();
06809 fill_default_nettemp_2();
06810 }
06811 rsbac_kfree(list_info_p);
06812 return err;
06813 }
06814
06815 #ifdef CONFIG_RSBAC_INIT_DELAY
06816 static int register_nettemp_aci_lists(void)
06817 #else
06818 static int __init register_nettemp_aci_lists(void)
06819 #endif
06820 {
06821 int err = 0;
06822 struct rsbac_list_info_t * list_info_p;
06823
06824 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06825 if(!list_info_p)
06826 {
06827 return -ENOMEM;
06828 }
06829
06830 #ifdef CONFIG_RSBAC_DEBUG
06831 if (rsbac_debug_ds)
06832 {
06833 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering NETTEMP lists\n");
06834 }
06835 #endif
06836
06837 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
06838 {
06839 list_info_p->version = RSBAC_GEN_NETOBJ_ACI_VERSION;
06840 list_info_p->key = RSBAC_GEN_NETOBJ_ACI_KEY;
06841 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06842 list_info_p->data_size = sizeof(struct rsbac_gen_netobj_aci_t);
06843 list_info_p->max_age = 0;
06844 err = rsbac_list_register(RSBAC_LIST_VERSION,
06845 &nettemp_handles.gen,
06846 list_info_p,
06847 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06848 rsbac_list_compare_u32,
06849 NULL,
06850 &def_gen_netobj_aci,
06851 RSBAC_GEN_ACI_NETTEMP_NAME,
06852 RSBAC_AUTO_DEV);
06853 if(err)
06854 {
06855 registration_error(err, "NETTEMP GEN");
06856 }
06857 }
06858 #endif
06859 #if defined(CONFIG_RSBAC_MAC)
06860 {
06861 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
06862
06863 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
06864 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
06865 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06866 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
06867 list_info_p->max_age = 0;
06868 err = rsbac_list_register(RSBAC_LIST_VERSION,
06869 &nettemp_handles.mac,
06870 list_info_p,
06871 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06872 rsbac_list_compare_u32,
06873 NULL,
06874 &def_aci,
06875 RSBAC_MAC_ACI_NETTEMP_NAME,
06876 RSBAC_AUTO_DEV);
06877 if(err)
06878 {
06879 registration_error(err, "NETTEMP MAC");
06880 }
06881 }
06882 #endif
06883 #if defined(CONFIG_RSBAC_PM)
06884 {
06885 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
06886
06887 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
06888 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
06889 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06890 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
06891 list_info_p->max_age = 0;
06892 err = rsbac_list_register(RSBAC_LIST_VERSION,
06893 &nettemp_handles.pm,
06894 list_info_p,
06895 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06896 rsbac_list_compare_u32,
06897 NULL,
06898 &def_aci,
06899 RSBAC_PM_ACI_NETTEMP_NAME,
06900 RSBAC_AUTO_DEV);
06901 if(err)
06902 {
06903 registration_error(err, "NETTEMP PM");
06904 }
06905 }
06906 #endif
06907 #if defined(CONFIG_RSBAC_RC)
06908 {
06909 struct rsbac_rc_nettemp_aci_t def_aci = DEFAULT_RC_NETTEMP_ACI;
06910
06911 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
06912 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
06913 list_info_p->desc_size = sizeof(rsbac_net_temp_id_t);
06914 list_info_p->data_size = sizeof(struct rsbac_rc_nettemp_aci_t);
06915 list_info_p->max_age = 0;
06916 err = rsbac_list_register(RSBAC_LIST_VERSION,
06917 &nettemp_handles.rc,
06918 list_info_p,
06919 RSBAC_LIST_BACKUP | RSBAC_LIST_PERSIST | RSBAC_LIST_DEF_DATA,
06920 rsbac_list_compare_u32,
06921 NULL,
06922 &def_aci,
06923 RSBAC_RC_ACI_NETTEMP_NAME,
06924 RSBAC_AUTO_DEV);
06925 if(err)
06926 {
06927 registration_error(err, "NETTEMP RC");
06928 }
06929 }
06930 #endif
06931
06932 rsbac_kfree(list_info_p);
06933 return err;
06934 }
06935
06936 #ifdef CONFIG_RSBAC_INIT_DELAY
06937 static int register_netobj_lists(void)
06938 #else
06939 static int __init register_netobj_lists(void)
06940 #endif
06941 {
06942 int err = 0;
06943 struct rsbac_list_info_t * list_info_p;
06944
06945 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
06946 if(!list_info_p)
06947 {
06948 return -ENOMEM;
06949 }
06950
06951 #ifdef CONFIG_RSBAC_DEBUG
06952 if (rsbac_debug_ds)
06953 {
06954 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering local NETOBJ lists\n");
06955 }
06956 #endif
06957 #if defined(CONFIG_RSBAC_MAC)
06958 {
06959 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
06960
06961 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
06962 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
06963 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
06964 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
06965 list_info_p->max_age = 0;
06966 err = rsbac_list_register(RSBAC_LIST_VERSION,
06967 &lnetobj_handles.mac,
06968 list_info_p,
06969 0,
06970 rsbac_list_compare_u32,
06971 NULL,
06972 &def_aci,
06973 RSBAC_MAC_ACI_LNETOBJ_NAME,
06974 RSBAC_AUTO_DEV);
06975 if(err)
06976 {
06977 registration_error(err, "LNETOBJ MAC");
06978 }
06979 }
06980 #endif
06981 #if defined(CONFIG_RSBAC_PM)
06982 {
06983 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
06984
06985 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
06986 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
06987 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
06988 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
06989 list_info_p->max_age = 0;
06990 err = rsbac_list_register(RSBAC_LIST_VERSION,
06991 &lnetobj_handles.pm,
06992 list_info_p,
06993 0,
06994 rsbac_list_compare_u32,
06995 NULL,
06996 &def_aci,
06997 RSBAC_PM_ACI_LNETOBJ_NAME,
06998 RSBAC_AUTO_DEV);
06999 if(err)
07000 {
07001 registration_error(err, "LNETOBJ PM");
07002 }
07003 }
07004 #endif
07005 #if defined(CONFIG_RSBAC_RC)
07006 {
07007 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07008
07009 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07010 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07011 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07012 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07013 list_info_p->max_age = 0;
07014 err = rsbac_list_register(RSBAC_LIST_VERSION,
07015 &lnetobj_handles.rc,
07016 list_info_p,
07017 0,
07018 rsbac_list_compare_u32,
07019 NULL,
07020 &def_aci,
07021 RSBAC_RC_ACI_LNETOBJ_NAME,
07022 RSBAC_AUTO_DEV);
07023 if(err)
07024 {
07025 registration_error(err, "LNETOBJ RC");
07026 }
07027 }
07028 #endif
07029
07030 #ifdef CONFIG_RSBAC_DEBUG
07031 if (rsbac_debug_ds)
07032 {
07033 rsbac_printk(KERN_DEBUG "rsbac_do_init(): registering remote NETOBJ lists\n");
07034 }
07035 #endif
07036 #if defined(CONFIG_RSBAC_MAC)
07037 {
07038 struct rsbac_mac_netobj_aci_t def_aci = DEFAULT_MAC_NETOBJ_ACI;
07039
07040 list_info_p->version = RSBAC_MAC_NETOBJ_ACI_VERSION;
07041 list_info_p->key = RSBAC_MAC_NETOBJ_ACI_KEY;
07042 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07043 list_info_p->data_size = sizeof(struct rsbac_mac_netobj_aci_t);
07044 list_info_p->max_age = 0;
07045 err = rsbac_list_register(RSBAC_LIST_VERSION,
07046 &rnetobj_handles.mac,
07047 list_info_p,
07048 0,
07049 rsbac_list_compare_u32,
07050 NULL,
07051 &def_aci,
07052 RSBAC_MAC_ACI_RNETOBJ_NAME,
07053 RSBAC_AUTO_DEV);
07054 if(err)
07055 {
07056 registration_error(err, "RNETOBJ MAC");
07057 }
07058 }
07059 #endif
07060 #if defined(CONFIG_RSBAC_PM)
07061 {
07062 struct rsbac_pm_netobj_aci_t def_aci = DEFAULT_PM_NETOBJ_ACI;
07063
07064 list_info_p->version = RSBAC_PM_NETOBJ_ACI_VERSION;
07065 list_info_p->key = RSBAC_PM_NETOBJ_ACI_KEY;
07066 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07067 list_info_p->data_size = sizeof(struct rsbac_pm_netobj_aci_t);
07068 list_info_p->max_age = 0;
07069 err = rsbac_list_register(RSBAC_LIST_VERSION,
07070 &rnetobj_handles.pm,
07071 list_info_p,
07072 0,
07073 rsbac_list_compare_u32,
07074 NULL,
07075 &def_aci,
07076 RSBAC_PM_ACI_RNETOBJ_NAME,
07077 RSBAC_AUTO_DEV);
07078 if(err)
07079 {
07080 registration_error(err, "RNETOBJ PM");
07081 }
07082 }
07083 #endif
07084 #if defined(CONFIG_RSBAC_RC)
07085 {
07086 rsbac_rc_type_id_t def_aci = RSBAC_RC_GENERAL_TYPE;
07087
07088 list_info_p->version = RSBAC_RC_NETOBJ_ACI_VERSION;
07089 list_info_p->key = RSBAC_RC_NETOBJ_ACI_KEY;
07090 list_info_p->desc_size = sizeof(rsbac_net_obj_id_t);
07091 list_info_p->data_size = sizeof(rsbac_rc_type_id_t);
07092 list_info_p->max_age = 0;
07093 err = rsbac_list_register(RSBAC_LIST_VERSION,
07094 &rnetobj_handles.rc,
07095 list_info_p,
07096 0,
07097 rsbac_list_compare_u32,
07098 NULL,
07099 &def_aci,
07100 RSBAC_RC_ACI_RNETOBJ_NAME,
07101 RSBAC_AUTO_DEV);
07102 if(err)
07103 {
07104 registration_error(err, "RNETOBJ RC");
07105 }
07106 }
07107 #endif
07108
07109 rsbac_kfree(list_info_p);
07110 return err;
07111 }
07112 #endif
07113
07114 #ifdef CONFIG_RSBAC_INIT_DELAY
07115 static int rsbac_do_init(void)
07116 #else
07117 static int __init rsbac_do_init(void)
07118 #endif
07119 {
07120 int err = 0;
07121 struct rsbac_device_list_item_t * device_p;
07122 struct rsbac_device_list_item_t * new_device_p;
07123 u_long flags;
07124 struct rsbac_list_info_t * list_info_p;
07125 struct super_block * sb_p;
07126
07127 #ifdef CONFIG_RSBAC_DEBUG
07128 if(rsbac_debug_stack)
07129 {
07130 unsigned long * n;
07131
07132 n = (unsigned long *) (current+1);
07133 while (!*n)
07134 n++;
07135 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack: %lu\n",
07136 (unsigned long) n - (unsigned long)(current+1));
07137 }
07138 #endif
07139 list_info_p = kmalloc(sizeof(*list_info_p), GFP_KERNEL);
07140 if(!list_info_p)
07141 {
07142 return -ENOMEM;
07143 }
07144 compiled_modules[0] = (char) 0;
07145 #ifdef CONFIG_RSBAC_REG
07146 strcat(compiled_modules, " REG");
07147 #endif
07148 #ifdef CONFIG_RSBAC_MAC
07149 #ifdef CONFIG_RSBAC_MAC_LIGHT
07150 strcat(compiled_modules, " MAC-L");
07151 #else
07152 strcat(compiled_modules, " MAC");
07153 #endif
07154 #endif
07155 #ifdef CONFIG_RSBAC_PM
07156 strcat(compiled_modules, " PM");
07157 #endif
07158 #ifdef CONFIG_RSBAC_DAZ
07159 strcat(compiled_modules, " DAZ");
07160 #endif
07161 #ifdef CONFIG_RSBAC_FF
07162 strcat(compiled_modules, " FF");
07163 #endif
07164 #ifdef CONFIG_RSBAC_RC
07165 strcat(compiled_modules, " RC");
07166 #endif
07167 #ifdef CONFIG_RSBAC_AUTH
07168 strcat(compiled_modules, " AUTH");
07169 #endif
07170 #ifdef CONFIG_RSBAC_ACL
07171 strcat(compiled_modules, " ACL");
07172 #endif
07173 #ifdef CONFIG_RSBAC_CAP
07174 strcat(compiled_modules, " CAP");
07175 #endif
07176 #ifdef CONFIG_RSBAC_JAIL
07177 strcat(compiled_modules, " JAIL");
07178 #endif
07179 #ifdef CONFIG_RSBAC_RES
07180 strcat(compiled_modules, " RES");
07181 #endif
07182 #ifdef CONFIG_RSBAC_PAX
07183 strcat(compiled_modules, " PAX");
07184 #endif
07185 #ifdef CONFIG_RSBAC_MAINT
07186 rsbac_printk(KERN_INFO
07187 "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n",
07188 RSBAC_VERSION);
07189
07190 printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s (Maintenance Mode)\n", RSBAC_VERSION);
07191
07192 rsbac_printk(KERN_INFO
07193 "rsbac_do_init(): Supported module data structures:%s\n",
07194 compiled_modules);
07195 #else
07196 rsbac_printk(KERN_INFO
07197 "rsbac_do_init(): Initializing RSBAC %s\n",
07198 RSBAC_VERSION);
07199
07200 #ifdef CONFIG_RSBAC_RMSG_NOSYSLOG
07201 if (rsbac_nosyslog)
07202 #endif
07203 printk(KERN_INFO "rsbac_do_init(): Initializing RSBAC %s\n", RSBAC_VERSION);
07204
07205 rsbac_printk(KERN_INFO
07206 "rsbac_do_init(): compiled modules:%s\n",
07207 compiled_modules);
07208 #endif
07209
07210
07211 rsbac_printk(KERN_INFO
07212 "rsbac_do_init(): Initializing memory slabs\n");
07213 rsbac_kmem_cache_sizes_init();
07214
07215
07216 device_list_head.lock = RW_LOCK_UNLOCKED;
07217 device_list_head.head = NULL;
07218 device_list_head.tail = NULL;
07219 device_list_head.curr = NULL;
07220 device_list_head.count = 0;
07221
07222 #if defined(CONFIG_RSBAC_PROC) && defined(CONFIG_PROC_FS)
07223 #ifdef CONFIG_RSBAC_DEBUG
07224 if(rsbac_debug_stack)
07225 {
07226 unsigned long * n = (unsigned long *) (current+1);
07227
07228 while (!*n)
07229 n++;
07230 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering proc dir: %lu\n",
07231 (unsigned long) n - (unsigned long)(current+1));
07232 }
07233 #endif
07234 rsbac_printk(KERN_INFO "rsbac_do_init(): Registering RSBAC proc dir\n");
07235 register_all_rsbac_proc();
07236 #endif
07237
07238 #ifdef CONFIG_RSBAC_DEBUG
07239 if(rsbac_debug_stack)
07240 {
07241 unsigned long * n = (unsigned long *) (current+1);
07242
07243 while (!*n)
07244 n++;
07245 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before get_super: %lu\n",
07246 (unsigned long) n - (unsigned long)(current+1));
07247 }
07248 #endif
07249 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07250 sb_p = user_get_super(rsbac_root_dev);
07251 #else
07252 sb_p = get_super(rsbac_root_dev);
07253 #endif
07254 if(!sb_p)
07255 {
07256 kfree(list_info_p);
07257 return -RSBAC_ENOROOTDEV;
07258 }
07259
07260 #ifdef CONFIG_RSBAC_DEBUG
07261 if (rsbac_debug_ds)
07262 {
07263 rsbac_printk(KERN_DEBUG
07264 "rsbac_do_init(): reading aci from device number %02u:%02u\n",
07265 RSBAC_MAJOR(rsbac_root_dev),
07266 RSBAC_MINOR(rsbac_root_dev));
07267 }
07268 #endif
07269
07270 new_device_p = create_device_item(sb_p, NULL);
07271 if (!new_device_p)
07272 {
07273 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not alloc device item!\n");
07274 err = -RSBAC_ECOULDNOTADDDEVICE;
07275 goto out_free;
07276 }
07277
07278
07279 rsbac_write_lock(&device_list_head.lock, &flags);
07280
07281 device_p = add_device_item(new_device_p);
07282
07283 rsbac_write_unlock(&device_list_head.lock, &flags);
07284 if (!device_p)
07285 {
07286 rsbac_printk(KERN_CRIT "rsbac_do_init(): Could not add device!\n");
07287 clear_device_item(new_device_p);
07288 err = -RSBAC_ECOULDNOTADDDEVICE;
07289 goto out_free;
07290 }
07291
07292
07293 rsbac_printk(KERN_INFO
07294 "rsbac_do_init(): Initializing generic lists\n");
07295 rsbac_list_init();
07296
07297 #ifdef CONFIG_RSBAC_DEBUG
07298 if(rsbac_debug_stack)
07299 {
07300 unsigned long * n = (unsigned long *) (current+1);
07301
07302 while (!*n)
07303 n++;
07304 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_debug: %lu\n",
07305 (unsigned long) n - (unsigned long)(current+1));
07306 }
07307 #endif
07308 rsbac_init_debug();
07309
07310 rsbac_printk(KERN_INFO
07311 "rsbac_do_init(): reading FD attributes from root dev\n");
07312
07313 #ifdef CONFIG_RSBAC_DEBUG
07314 if(rsbac_debug_stack)
07315 {
07316 unsigned long * n = (unsigned long *) (current+1);
07317
07318 while (!*n)
07319 n++;
07320 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before reading FD lists: %lu\n",
07321 (unsigned long) n - (unsigned long)(current+1));
07322 }
07323 #endif
07324
07325 if((err = register_fd_lists(device_p,rsbac_root_dev)))
07326 {
07327 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07328
07329 if(tmp)
07330 {
07331 rsbac_printk(KERN_WARNING
07332 "rsbac_do_init(): File/Dir lists registration failed for dev %02u:%02u, err %s!\n",
07333 RSBAC_MAJOR(rsbac_root_dev), RSBAC_MINOR(rsbac_root_dev), get_error_name(tmp,err));
07334 rsbac_kfree(tmp);
07335 }
07336 }
07337
07338 #ifdef CONFIG_RSBAC_DEBUG
07339 if(rsbac_debug_stack)
07340 {
07341 unsigned long * n = (unsigned long *) (current+1);
07342
07343 while (!*n)
07344 n++;
07345 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before DEV lists registration: %lu\n",
07346 (unsigned long) n - (unsigned long)(current+1));
07347 }
07348 #endif
07349 register_dev_lists();
07350
07351 #ifdef CONFIG_RSBAC_DEBUG
07352 if(rsbac_debug_stack)
07353 {
07354 unsigned long * n = (unsigned long *) (current+1);
07355
07356 while (!*n)
07357 n++;
07358 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering IPC lists: %lu\n",
07359 (unsigned long) n - (unsigned long)(current+1));
07360 }
07361 #endif
07362
07363 register_ipc_lists();
07364
07365 #ifdef CONFIG_RSBAC_DEBUG
07366 if(rsbac_debug_stack)
07367 {
07368 unsigned long * n = (unsigned long *) (current+1);
07369
07370 while (!*n)
07371 n++;
07372 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering USER lists: %lu\n",
07373 (unsigned long) n - (unsigned long)(current+1));
07374 }
07375 #endif
07376 register_user_lists();
07377
07378 #ifdef CONFIG_RSBAC_DEBUG
07379 if(rsbac_debug_stack)
07380 {
07381 unsigned long * n = (unsigned long *) (current+1);
07382
07383 while (!*n)
07384 n++;
07385 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before registering PROCESS aci: %lu\n",
07386 (unsigned long) n - (unsigned long)(current+1));
07387 }
07388 #endif
07389 register_process_lists();
07390
07391
07392 #ifdef CONFIG_RSBAC_UM
07393 #ifdef CONFIG_RSBAC_DEBUG
07394 if(rsbac_debug_stack)
07395 {
07396 unsigned long * n = (unsigned long *) (current+1);
07397
07398 while (!*n)
07399 n++;
07400 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before GROUP lists registration: %lu\n",
07401 (unsigned long) n - (unsigned long)(current+1));
07402 }
07403 #endif
07404 register_group_lists();
07405 #endif
07406
07407 #ifdef CONFIG_RSBAC_NET_DEV
07408 register_netdev_lists();
07409 #endif
07410
07411 #ifdef CONFIG_RSBAC_NET_OBJ
07412 register_nettemp_list();
07413 register_nettemp_aci_lists();
07414 register_netobj_lists();
07415 #endif
07416
07417
07418 #if defined(CONFIG_RSBAC_MAC)
07419 #ifdef CONFIG_RSBAC_DEBUG
07420 if(rsbac_debug_stack)
07421 {
07422 unsigned long * n = (unsigned long *) (current+1);
07423
07424 while (!*n)
07425 n++;
07426 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_mac: %lu\n",
07427 (unsigned long) n - (unsigned long)(current+1));
07428 }
07429 #endif
07430 rsbac_init_mac();
07431 #endif
07432
07433 #ifdef CONFIG_RSBAC_PM
07434 #ifdef CONFIG_RSBAC_DEBUG
07435 if(rsbac_debug_stack)
07436 {
07437 unsigned long * n = (unsigned long *) (current+1);
07438
07439 while (!*n)
07440 n++;
07441 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_pm: %lu\n",
07442 (unsigned long) n - (unsigned long)(current+1));
07443 }
07444 #endif
07445 rsbac_init_pm();
07446 #endif
07447
07448 #if defined(CONFIG_RSBAC_DAZ) && !defined(CONFIG_RSBAC_MAINT)
07449 #ifdef CONFIG_RSBAC_DEBUG
07450 if(rsbac_debug_stack)
07451 {
07452 unsigned long * n = (unsigned long *) (current+1);
07453
07454 while (!*n)
07455 n++;
07456 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_daz: %lu\n",
07457 (unsigned long) n - (unsigned long)(current+1));
07458 }
07459 #endif
07460 rsbac_init_daz();
07461 #endif
07462
07463 #if defined(CONFIG_RSBAC_RC)
07464 #ifdef CONFIG_RSBAC_DEBUG
07465 if(rsbac_debug_stack)
07466 {
07467 unsigned long * n = (unsigned long *) (current+1);
07468
07469 while (!*n)
07470 n++;
07471 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_rc: %lu\n",
07472 (unsigned long) n - (unsigned long)(current+1));
07473 }
07474 #endif
07475 rsbac_init_rc();
07476 #endif
07477
07478 #if defined(CONFIG_RSBAC_AUTH)
07479 #ifdef CONFIG_RSBAC_DEBUG
07480 if(rsbac_debug_stack)
07481 {
07482 unsigned long * n = (unsigned long *) (current+1);
07483
07484 while (!*n)
07485 n++;
07486 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_auth: %lu\n",
07487 (unsigned long) n - (unsigned long)(current+1));
07488 }
07489 #endif
07490 rsbac_init_auth();
07491 if (rsbac_auth_enable_login)
07492 {
07493 struct dentry * t_dentry;
07494 struct dentry * dir_dentry = NULL;
07495 struct rsbac_auth_fd_aci_t auth_fd_aci = DEFAULT_AUTH_FD_ACI;
07496 int list_no;
07497
07498 rsbac_printk(KERN_WARNING
07499 "rsbac_do_init(): auth_enable_login is set: setting auth_may_setuid for %s\n",
07500 RSBAC_AUTH_LOGIN_PATH);
07501
07502
07503 if(sb_p)
07504 {
07505 dir_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_DIR,
07506 sb_p->s_root,
07507 strlen(RSBAC_AUTH_LOGIN_PATH_DIR));
07508 }
07509 if (!dir_dentry)
07510 {
07511 err = -RSBAC_ENOTFOUND;
07512 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07513 RSBAC_AUTH_LOGIN_PATH_DIR);
07514 goto auth_out;
07515 }
07516 if (IS_ERR(dir_dentry))
07517 {
07518 err = PTR_ERR(dir_dentry);
07519 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s returned %i\n",
07520 RSBAC_AUTH_LOGIN_PATH_DIR,
07521 err);
07522 goto auth_out;
07523 }
07524 if (!dir_dentry->d_inode)
07525 {
07526 err = -RSBAC_ENOTFOUND;
07527 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s failed\n",
07528 RSBAC_AUTH_LOGIN_PATH_DIR);
07529 dput(dir_dentry);
07530 goto auth_out;
07531 }
07532 t_dentry = rsbac_lookup_one_len(RSBAC_AUTH_LOGIN_PATH_FILE,
07533 dir_dentry,
07534 strlen(RSBAC_AUTH_LOGIN_PATH_FILE));
07535 if (!t_dentry)
07536 {
07537 err = -RSBAC_ENOTFOUND;
07538 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07539 RSBAC_AUTH_LOGIN_PATH_DIR,
07540 RSBAC_AUTH_LOGIN_PATH_FILE);
07541 goto auth_out;
07542 }
07543 if (IS_ERR(t_dentry))
07544 {
07545 err = PTR_ERR(t_dentry);
07546 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s returned %i\n",
07547 RSBAC_AUTH_LOGIN_PATH_DIR,
07548 RSBAC_AUTH_LOGIN_PATH_FILE,
07549 err);
07550 goto auth_out;
07551 }
07552 if (!t_dentry->d_inode)
07553 {
07554 err = -RSBAC_ENOTFOUND;
07555 rsbac_printk(KERN_WARNING "rsbac_do_init(): call to rsbac_lookup_one_len for /%s/%s failed\n",
07556 RSBAC_AUTH_LOGIN_PATH_DIR,
07557 RSBAC_AUTH_LOGIN_PATH_FILE);
07558 dput(t_dentry);
07559 goto auth_out;
07560 }
07561
07562 if (!t_dentry->d_inode)
07563 {
07564 rsbac_printk(KERN_WARNING "rsbac_do_init(): file %s not found\n",
07565 RSBAC_AUTH_LOGIN_PATH);
07566 err = -RSBAC_EINVALIDTARGET;
07567 goto auth_out_dput;
07568 }
07569
07570 if (!S_ISREG(t_dentry->d_inode->i_mode))
07571 {
07572 rsbac_printk(KERN_WARNING "rsbac_do_init(): %s is no file\n", RSBAC_AUTH_LOGIN_PATH);
07573 err = -RSBAC_EINVALIDTARGET;
07574 goto auth_out_dput;
07575 }
07576 list_no = auth_fd_hash(t_dentry->d_inode->i_ino);
07577 rsbac_list_get_data(device_p->handles.auth[list_no],
07578 &t_dentry->d_inode->i_ino,
07579 &auth_fd_aci);
07580 auth_fd_aci.auth_may_setuid = TRUE;
07581 if(rsbac_list_add(device_p->handles.auth[list_no],
07582 &t_dentry->d_inode->i_ino,
07583 &auth_fd_aci))
07584 {
07585 rsbac_printk(KERN_WARNING
07586 "rsbac_do_init(): Could not add AUTH file/dir item!\n");
07587 err = -RSBAC_ECOULDNOTADDITEM;
07588 }
07589
07590 auth_out_dput:
07591 auth_out:
07592 { }
07593 }
07594 #endif
07595
07596 #if defined(CONFIG_RSBAC_ACL)
07597 #ifdef CONFIG_RSBAC_DEBUG
07598 if(rsbac_debug_stack)
07599 {
07600 unsigned long * n = (unsigned long *) (current+1);
07601
07602 while (!*n)
07603 n++;
07604 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_acl: %lu\n",
07605 (unsigned long) n - (unsigned long)(current+1));
07606 }
07607 #endif
07608 rsbac_init_acl();
07609 #endif
07610
07611 #if defined(CONFIG_RSBAC_UM)
07612 #ifdef CONFIG_RSBAC_DEBUG
07613 if(rsbac_debug_stack)
07614 {
07615 unsigned long * n = (unsigned long *) (current+1);
07616
07617 while (!*n)
07618 n++;
07619 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_um: %lu\n",
07620 (unsigned long) n - (unsigned long)(current+1));
07621 }
07622 #endif
07623 rsbac_init_um();
07624 #endif
07625
07626
07627 #ifdef CONFIG_RSBAC_DEBUG
07628 if(rsbac_debug_stack)
07629 {
07630 unsigned long * n = (unsigned long *) (current+1);
07631
07632 while (!*n)
07633 n++;
07634 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before init_adf: %lu\n",
07635 (unsigned long) n - (unsigned long)(current+1));
07636 }
07637 #endif
07638 rsbac_init_adf();
07639
07640
07641 drop_super(sb_p);
07642
07643 #if defined(CONFIG_RSBAC_PAX) && defined(CONFIG_PAX_HOOK_ACL_FLAGS)
07644 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
07645 pax_set_initial_flags_func = rsbac_pax_set_flags_func;
07646 #else
07647 pax_set_flags_func = rsbac_pax_set_flags_func;
07648 #endif
07649 #endif
07650
07651
07652 rsbac_initialized = TRUE;
07653
07654
07655 #ifdef CONFIG_BLK_DEV_INITRD
07656 if(initrd_start)
07657 {
07658 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07659 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,0));
07660 #else
07661 sb_p = get_super(MKDEV(RAMDISK_MAJOR,0));
07662 #endif
07663 if(sb_p)
07664 {
07665 rsbac_mount(sb_p, NULL);
07666 drop_super(sb_p);
07667 }
07668 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07669 sb_p = user_get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
07670 #else
07671 sb_p = get_super(MKDEV(RAMDISK_MAJOR,INITRD_MINOR));
07672 #endif
07673 if(sb_p)
07674 {
07675 rsbac_mount(sb_p, NULL);
07676 drop_super(sb_p);
07677 }
07678 }
07679 #endif
07680
07681 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07682
07683 if( sysfs_covered_p
07684 && sysfs_sb_p
07685 )
07686 {
07687 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting sysfs device %02u:%02u\n",
07688 MAJOR(sysfs_sb_p->s_dev), MINOR(sysfs_sb_p->s_dev));
07689 rsbac_mount(sysfs_sb_p, sysfs_covered_p);
07690 }
07691 #endif
07692
07693
07694 #ifdef CONFIG_DEVFS_MOUNT
07695 if( devfs_covered_p
07696 && devfs_sb_p
07697 )
07698 {
07699 rsbac_printk(KERN_WARNING "rsbac_do_init(): automounting devfs device %02u:%02u\n",
07700 MAJOR(devfs_sb_p->s_dev), MINOR(devfs_sb_p->s_dev));
07701 rsbac_mount(devfs_sb_p, devfs_covered_p);
07702 }
07703 #endif
07704
07705
07706 #ifdef CONFIG_RSBAC_INIT_CHECK
07707 #ifdef CONFIG_RSBAC_DEBUG
07708 if(rsbac_debug_stack)
07709 {
07710 unsigned long * n = (unsigned long *) (current+1);
07711
07712 while (!*n)
07713 n++;
07714 rsbac_printk(KERN_DEBUG "rsbac_do_init: free stack before rsbac_check: %lu\n",
07715 (unsigned long) n - (unsigned long)(current+1));
07716 }
07717 #endif
07718 rsbac_printk(KERN_INFO "rsbac_do_init(): Forcing consistency check.\n");
07719 rsbac_check_lists(1);
07720 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07721 rsbac_check(1,0);
07722
07723 #if defined(CONFIG_RSBAC_AUTH)
07724 rsbac_check_auth(1,0);
07725 #endif
07726 #endif
07727 #if defined(CONFIG_RSBAC_ACL)
07728 rsbac_check_acl(1,0);
07729 #endif
07730 #endif
07731
07732 if (!current->fs)
07733 {
07734 rsbac_printk(KERN_WARNING "rsbac_do_init(): current->fs is invalid!\n");
07735 err = -RSBAC_EINVALIDPOINTER;
07736 }
07737 out:
07738
07739 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07740
07741 rsbac_printk(KERN_INFO "rsbac_do_init(): Ready.\n");
07742
07743 kfree(list_info_p);
07744 return err;
07745
07746 out_free:
07747
07748 drop_super(sb_p);
07749 goto out;
07750 }
07751
07752
07753 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
07754 || defined(CONFIG_RSBAC_INIT_THREAD)
07755
07756 void wakeup_rsbacd(u_long dummy)
07757 {
07758 wake_up(&rsbacd_wait);
07759 }
07760 #endif
07761
07762 #ifdef CONFIG_RSBAC_INIT_THREAD
07763
07764 static int rsbac_initd(void * dummy)
07765 {
07766 rsbac_printk(KERN_INFO "rsbac_initd(): Initializing.\n");
07767 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07768 daemonize("rsbac_initd");
07769 #else
07770 current->session = 1;
07771 current->pgrp = 1;
07772 strcpy(current->comm, "rsbac_initd");
07773 #endif
07774
07775
07776
07777
07778 #ifdef CONFIG_RSBAC_DEBUG
07779 if(rsbac_debug_stack)
07780 {
07781 unsigned long * n = (unsigned long *) (current+1);
07782
07783 while (!*n)
07784 n++;
07785 rsbac_printk(KERN_DEBUG "rsbac_initd: free stack before rsbac_do_init(): %lu\n",
07786 (unsigned long) n - (unsigned long)(current+1));
07787 }
07788 #endif
07789
07790 rsbac_do_init();
07791
07792 #ifdef CONFIG_RSBAC_DEBUG
07793 if(rsbac_debug_stack)
07794 {
07795 unsigned long * n = (unsigned long *) (current+1);
07796
07797 while (!*n)
07798 n++;
07799 rsbac_printk(KERN_DEBUG "rsbac_initd: free stack after rsbac_do_init(): %lu\n",
07800 (unsigned long) n - (unsigned long)(current+1));
07801 }
07802 #endif
07803
07804 wake_up(&rsbacd_wait);
07805
07806 rsbac_printk(KERN_INFO "rsbac_initd(): Exiting.\n");
07807 do_exit(0);
07808 return 0;
07809 }
07810 #endif
07811
07812 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
07813
07814 static int rsbacd(void * dummy)
07815 {
07816 struct task_struct *tsk = current;
07817 char * name = rsbac_kmalloc(RSBAC_MAXNAMELEN);
07818
07819 rsbac_printk(KERN_INFO "rsbacd(): Initializing.\n");
07820 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07821 daemonize("rsbacd");
07822 #else
07823 daemonize();
07824 strcpy(tsk->comm, "rsbacd");
07825 #endif
07826
07827 #ifdef CONFIG_RSBAC_DEBUG
07828 if(rsbac_debug_auto)
07829 {
07830 rsbac_printk(KERN_DEBUG "rsbacd(): Setting auto timer.\n");
07831 }
07832 #endif
07833
07834 #ifndef CONFIG_RSBAC_INIT_THREAD
07835 init_timer(&rsbac_timer);
07836 rsbac_timer.function = wakeup_rsbacd;
07837 rsbac_timer.data = 0;
07838 rsbac_timer.expires = jiffies + auto_interval;
07839 add_timer(&rsbac_timer);
07840 #endif
07841
07842 #ifdef CONFIG_RSBAC_DEBUG
07843 if(rsbac_debug_stack)
07844 {
07845 unsigned long * n = (unsigned long *) (current+1);
07846
07847 while (!*n)
07848 n++;
07849 rsbac_printk(KERN_DEBUG "rsbacd: free stack: %lu\n",
07850 (unsigned long) n - (unsigned long)(current+1));
07851 }
07852 #endif
07853 for(;;)
07854 {
07855
07856 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07857
07858 flush_signals(tsk);
07859 spin_lock_irq(&tsk->sighand->siglock);
07860 flush_signal_handlers(tsk, 1);
07861 sigemptyset(&tsk->blocked);
07862 recalc_sigpending();
07863 spin_unlock_irq(&tsk->sighand->siglock);
07864 #else
07865 spin_lock_irq(&tsk->sigmask_lock);
07866 flush_signals(tsk);
07867 sigfillset(&tsk->blocked);
07868 recalc_sigpending(tsk);
07869 spin_unlock_irq(&tsk->sigmask_lock);
07870 #endif
07871
07872 mod_timer(&rsbac_timer, jiffies + auto_interval);
07873 interruptible_sleep_on(&rsbacd_wait);
07874
07875
07876
07877 #if 0
07878
07879 #if defined(CONFIG_RSBAC_DAZ_CACHE)
07880 if(jiffies >= daz_cleanup_time)
07881 {
07882 daz_cleanup_time = jiffies + HZ * RSBAC_DAZ_CACHE_CLEANUP_INTERVAL;
07883 #ifdef CONFIG_RSBAC_DEBUG
07884 if (rsbac_debug_auto)
07885 {
07886 rsbac_printk(KERN_DEBUG
07887 "rsbacd(): cleaning up DAZ scanned lists\n");
07888 }
07889 #endif
07890
07891 rsbac_read_lock(&device_list_head.lock, &dflags);
07892
07893 device_p = device_list_head.head;
07894 while (device_p)
07895 {
07896 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
07897 {
07898 rsbac_list_check(device_p->handles.dazs[i], TRUE);
07899 }
07900 device_p = device_p->next;
07901 }
07902 rsbac_read_unlock(&device_list_head.lock, &dflags);
07903 }
07904 #endif
07905 #endif
07906
07907
07908 if(rsbac_initialized && !rsbac_debug_no_write)
07909 {
07910 int err=0;
07911
07912
07913
07914
07915
07916
07917
07918
07919 down(&rsbac_write_sem);
07920 if(!rsbac_debug_no_write)
07921 {
07922 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07923 err = rsbac_write(FALSE);
07924 #else
07925 err = rsbac_write(TRUE);
07926 #endif
07927 }
07928 up(&rsbac_write_sem);
07929 if(err < 0)
07930 {
07931 if(name)
07932 rsbac_printk(KERN_WARNING
07933 "rsbacd(): rsbac_write returned error %s!\n",
07934 get_error_name(name,err));
07935 else
07936 rsbac_printk(KERN_WARNING
07937 "rsbacd(): rsbac_write returned error %i!\n",
07938 err);
07939 }
07940 #ifdef CONFIG_RSBAC_DEBUG
07941 else
07942 if (rsbac_debug_auto && (err > 0))
07943 {
07944 rsbac_printk(KERN_DEBUG
07945 "rsbacd(): rsbac_write() wrote %i lists\n", err);
07946 }
07947 #endif
07948 }
07949
07950
07951
07952
07953
07954
07955
07956 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
07957 #ifdef CONFIG_SOFTWARE_SUSPEND
07958 try_to_freeze();
07959 #endif
07960 #endif
07961 }
07962 }
07963 #endif
07964
07965
07966
07967
07968
07969
07970
07971
07972 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
07973
07974 extern long sys_kill(int pid, int sig);
07975 #endif
07976
07977 struct rsbac_kthread_t {
07978 struct list_head list;
07979 rsbac_pid_t pid;
07980 };
07981 struct rsbac_kthread_t * rsbac_kthread;
07982 int rsbac_kthread_size_t;
07983
07984 int rsbac_kthreads_init(void)
07985 {
07986 rsbac_kthread_size_t = sizeof(struct rsbac_kthread_t);
07987 rsbac_kthread = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07988 INIT_LIST_HEAD(&rsbac_kthread->list);
07989 return 0;
07990 }
07991
07992 int rsbac_mark_kthread(rsbac_pid_t pid)
07993 {
07994 struct rsbac_kthread_t * rsbac_kthread_new;
07995
07996 if (rsbac_initialized)
07997 return 0;
07998 rsbac_kthread_new = kmalloc(rsbac_kthread_size_t, GFP_ATOMIC);
07999 rsbac_kthread_new->pid = pid;
08000 list_add(&rsbac_kthread_new->list, &rsbac_kthread->list);
08001 return 0;
08002 }
08003
08004
08005 #ifdef CONFIG_RSBAC_INIT_DELAY
08006 int rsbac_init(kdev_t root_dev)
08007 #else
08008 int __init rsbac_init(kdev_t root_dev)
08009 #endif
08010 {
08011 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08012 struct rsbac_kthread_t * rsbac_kthread_entry;
08013 struct list_head * p;
08014 #ifdef CONFIG_RSBAC_RC
08015 struct rsbac_rc_process_aci_t rc_init_p_aci = DEFAULT_RC_P_INIT_ACI;
08016 #endif
08017 rsbac_pid_t init_pid;
08018 #endif
08019 int err = 0;
08020 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
08021 || defined(CONFIG_RSBAC_INIT_THREAD)
08022 rsbac_pid_t rsbacd_pid;
08023 #endif
08024
08025 if (rsbac_initialized) {
08026 rsbac_printk(KERN_WARNING "rsbac_init(): RSBAC already initialized\n");
08027 return(-RSBAC_EREINIT);
08028 }
08029 if (!current->fs) {
08030 rsbac_printk(KERN_WARNING "rsbac_init(): current->fs is invalid!\n");
08031 return(-RSBAC_EINVALIDPOINTER);
08032 }
08033
08034 rsbac_root_dev = root_dev;
08035
08036 #if (defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)) \
08037 || defined(CONFIG_RSBAC_INIT_THREAD)
08038
08039 init_waitqueue_head(&rsbacd_wait);
08040 #endif
08041
08042 #ifdef CONFIG_RSBAC_INIT_THREAD
08043
08044 #ifdef CONFIG_RSBAC_MAX_INIT_TIME
08045 #endif
08046 rsbac_printk(KERN_INFO "rsbac_init(): Setting init timeout to %u seconds (%u jiffies).\n",
08047 RSBAC_MAX_INIT_TIME, RSBAC_MAX_INIT_TIME * HZ);
08048 init_timer(&rsbac_timer);
08049 rsbac_timer.function = wakeup_rsbacd;
08050 rsbac_timer.data = 0;
08051 rsbac_timer.expires = jiffies + (RSBAC_MAX_INIT_TIME * HZ);
08052 add_timer(&rsbac_timer);
08053
08054
08055 rsbacd_pid = kernel_thread(rsbac_initd, NULL, 0);
08056 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbac_initd thread with pid %u\n",
08057 rsbacd_pid);
08058
08059 if(!rsbac_initialized)
08060 interruptible_sleep_on(&rsbacd_wait);
08061 if(!rsbac_initialized)
08062 {
08063 rsbac_printk(KERN_ERR
08064 "rsbac_init(): *** RSBAC init timed out - RSBAC not correctly initialized! ***\n");
08065 rsbac_printk(KERN_ERR
08066 "rsbac_init(): *** Killing rsbac_initd! ***\n");
08067 sys_kill(rsbacd_pid, SIGKILL);
08068 rsbac_initialized = FALSE;
08069 }
08070 #else
08071 rsbac_do_init();
08072 #endif
08073
08074 #if defined(CONFIG_RSBAC_AUTO_WRITE) && (CONFIG_RSBAC_AUTO_WRITE > 0)
08075 if(rsbac_initialized) {
08076
08077 rsbacd_pid = kernel_thread(rsbacd, NULL, CLONE_FS | CLONE_FILES | CLONE_SIGHAND);
08078 if(rsbacd_pid < 0)
08079 {
08080 rsbac_printk(KERN_ERR
08081 "rsbac_init(): *** Starting rsbacd thread failed with error %i! ***\n",
08082 rsbacd_pid);
08083 }
08084 else
08085 {
08086 rsbac_printk(KERN_INFO "rsbac_init(): Started rsbacd thread with pid %u\n",
08087 rsbacd_pid);
08088 }
08089 }
08090 #endif
08091
08092
08093
08094 #ifdef CONFIG_RSBAC_INIT_THREAD
08095 sys_wait4(-1, NULL, WNOHANG, NULL);
08096 #endif
08097
08098
08099 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_RC)
08100 {
08101 #ifdef CONFIG_RSBAC_MAC
08102 struct rsbac_mac_user_aci_t mac_u_aci;
08103 #endif
08104 #ifdef CONFIG_RSBAC_RC
08105 struct rsbac_rc_user_aci_t rc_u_aci;
08106 #endif
08107 rsbac_uid_t user = RSBAC_SYSADM_UID;
08108 rsbac_pid_t pid = 1;
08109 struct task_struct * p;
08110
08111 union rsbac_target_id_t k_tid;
08112 union rsbac_attribute_value_t k_attr_val;
08113
08114 rsbac_printk(KERN_INFO "rsbac_init(): Adjusting attributes of existing processes\n");
08115
08116 #ifdef CONFIG_RSBAC_MAC
08117 if(!rsbac_list_get_data(user_handles.mac, &user, &mac_u_aci)) {
08118 mac_init_p_aci.owner_sec_level = mac_u_aci.security_level;
08119 mac_init_p_aci.owner_initial_sec_level = mac_u_aci.initial_security_level;
08120 mac_init_p_aci.current_sec_level = mac_u_aci.initial_security_level;
08121 mac_init_p_aci.owner_min_sec_level = mac_u_aci.min_security_level;
08122 mac_init_p_aci.mac_owner_categories = mac_u_aci.mac_categories;
08123 mac_init_p_aci.mac_owner_initial_categories = mac_u_aci.mac_initial_categories;
08124 mac_init_p_aci.mac_curr_categories = mac_u_aci.mac_initial_categories;
08125 mac_init_p_aci.mac_owner_min_categories = mac_u_aci.mac_min_categories;
08126 mac_init_p_aci.min_write_open = mac_u_aci.security_level;
08127 mac_init_p_aci.max_read_open = mac_u_aci.min_security_level;
08128 mac_init_p_aci.min_write_categories = mac_u_aci.mac_categories;
08129 mac_init_p_aci.max_read_categories = mac_u_aci.mac_min_categories;
08130 mac_init_p_aci.mac_process_flags
08131 = (mac_u_aci.mac_user_flags & RSBAC_MAC_P_FLAGS) | RSBAC_MAC_DEF_INIT_P_FLAGS;
08132 }
08133 #endif
08134
08135
08136 #ifdef CONFIG_RSBAC_MAC
08137 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08138 rsbac_printk(KERN_WARNING
08139 "rsbac_do_init(): MAC ACI for Init process 1 could not be added!\n");
08140 #endif
08141 #ifdef CONFIG_RSBAC_RC
08142
08143 if(rsbac_rc_get_boot_role(&rc_init_p_aci.rc_role)) {
08144
08145 if(!rsbac_list_get_data(user_handles.rc, &user, &rc_u_aci)) {
08146 rc_init_p_aci.rc_role = rc_u_aci.rc_role;
08147 } else {
08148
08149 rsbac_ds_get_error("rsbac_do_init", A_rc_def_role);
08150 rc_init_p_aci.rc_role = RSBAC_RC_GENERAL_ROLE;
08151 }
08152 }
08153 rc_kernel_p_aci.rc_role = rc_init_p_aci.rc_role;
08154 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_init_p_aci))
08155 rsbac_printk(KERN_WARNING
08156 "rsbac_do_init(): RC ACI for Init process 1 could not be added!\n");
08157 #endif
08158 read_lock(&tasklist_lock);
08159 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
08160 for_each_task(p)
08161 #else
08162 for_each_process(p)
08163 #endif
08164 {
08165
08166 if(!p->pid || (p->pid == 1))
08167 continue;
08168 pid = p->pid;
08169 #ifdef CONFIG_RSBAC_DEBUG
08170 if (rsbac_debug_ds) {
08171 rsbac_printk(KERN_DEBUG "rsbac_do_init(): setting aci for process %u\n",
08172 pid);
08173 }
08174 #endif
08175 #ifdef CONFIG_RSBAC_MAC
08176 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08177 rsbac_printk(KERN_WARNING
08178 "rsbac_do_init(): MAC ACI for Init process %u could not be added!\n",
08179 pid);
08180 #endif
08181 #ifdef CONFIG_RSBAC_RC
08182 k_tid.process = p->pid;
08183 if (rsbac_get_attr(GEN, T_PROCESS,
08184 k_tid,
08185 A_kernel_thread,
08186 &k_attr_val,
08187 FALSE)) {
08188 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for Kernel thread %u could not be added!\n", pid);
08189 }
08190 if (k_attr_val.kernel_thread) {
08191 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08192 rsbac_printk(KERN_WARNING
08193 "rsbac_do_init(): RC ACI for Kernel process %u could not be added!\n",
08194 pid);
08195 }
08196 #endif
08197 }
08198 read_unlock(&tasklist_lock);
08199 }
08200 list_for_each(p, &rsbac_kthread->list) {
08201 rsbac_kthread_entry = list_entry(p,
08202 struct rsbac_kthread_t, list);
08203 if (rsbac_kthread_entry->pid != 1
08204 || rsbac_kthread_entry->pid != rsbacd_pid); {
08205 rsbac_kthread_notify(rsbac_kthread_entry->pid);
08206
08207
08208
08209
08210
08211
08212 }
08213 }
08214 init_pid = 1;
08215 #ifdef CONFIG_RSBAC_MAC
08216 if (rsbac_list_add(process_handles.mac[mac_p_hash(init_pid)], &init_pid, &mac_init_p_aci))
08217 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"init\" process could not be added!\n");
08218 if (rsbac_list_add(process_handles.mac[mac_p_hash(rsbacd_pid)], &rsbacd_pid, &mac_init_p_aci))
08219 rsbac_printk(KERN_WARNING "rsbac_do_init(): MAC ACI for \"rsbacd\" process could not be added!\n");
08220 #endif
08221 #ifdef CONFIG_RSBAC_RC
08222 if (rsbac_list_add(process_handles.rc[rc_p_hash(init_pid)], &init_pid, &rc_init_p_aci))
08223 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"init\" process could not be added!\n");
08224 if (rsbac_list_add(process_handles.rc[rc_p_hash(rsbacd_pid)], &rsbacd_pid, &rc_kernel_p_aci))
08225 rsbac_printk(KERN_WARNING "rsbac_do_init(): RC ACI for \"rsbacd\" process could not be added!\n");
08226 #endif
08227
08228
08229
08230 #endif
08231
08232 rsbac_printk(KERN_INFO "rsbac_init(): Ready.\n");
08233 return(err);
08234 }
08235
08236
08237
08238 #if defined(CONFIG_RSBAC_REG)
08239 EXPORT_SYMBOL(rsbac_is_initialized);
08240 #endif
08241 rsbac_boolean_t rsbac_is_initialized(void)
08242 {
08243 return rsbac_initialized;
08244 }
08245
08246 int rsbac_kthread_notify(rsbac_pid_t pid)
08247 {
08248 if (!rsbac_initialized)
08249 return 0;
08250
08251 #ifdef CONFIG_RSBAC_MAC
08252 if(rsbac_list_add(process_handles.mac[mac_p_hash(pid)], &pid, &mac_init_p_aci))
08253 rsbac_printk(KERN_WARNING
08254 "rsbac_do_init(): MAC ACI for kernel process %u could not be added!",
08255 pid);
08256 #endif
08257 #ifdef CONFIG_RSBAC_RC
08258 if(rsbac_list_add(process_handles.rc[rc_p_hash(pid)], &pid, &rc_kernel_p_aci))
08259 rsbac_printk(KERN_WARNING
08260 "rsbac_do_init(): RC ACI for kernel process %u could not be added!",
08261 pid);
08262 #endif
08263 return 0;
08264 }
08265
08266
08267
08268 int rsbac_mount(struct super_block * sb_p, struct dentry * d_covers)
08269 {
08270 int err = 0;
08271 struct rsbac_device_list_item_t * device_p;
08272 struct rsbac_device_list_item_t * new_device_p;
08273 u_long flags;
08274 rsbac_boolean_t old_no_write;
08275
08276 if(!sb_p)
08277 {
08278 rsbac_printk(KERN_WARNING
08279 "rsbac_mount(): called with NULL pointer\n");
08280 return -RSBAC_EINVALIDPOINTER;
08281 }
08282 if (!rsbac_initialized)
08283 {
08284 #ifdef CONFIG_RSBAC_INIT_DELAY
08285 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08286 if( !RSBAC_MAJOR(rsbac_delayed_root)
08287 && !RSBAC_MINOR(rsbac_delayed_root)
08288 && rsbac_delayed_root_str[0]
08289 )
08290 {
08291 char * p = rsbac_delayed_root_str;
08292 u_int major = 0;
08293 u_int minor = 0;
08294
08295 major = simple_strtoul(p, NULL, 0);
08296 while((*p != ':') && (*p != '\0'))
08297 p++;
08298 if(*p)
08299 {
08300 p++;
08301 minor = simple_strtoul(p, NULL, 0);
08302 }
08303 rsbac_delayed_root = RSBAC_MKDEV(major,minor);
08304 }
08305 #endif
08306 if( !rsbac_no_delay_init
08307 && ( ( !RSBAC_MAJOR(rsbac_delayed_root)
08308 && !RSBAC_MINOR(rsbac_delayed_root)
08309 && (MAJOR(sb_p->s_dev) > 1)
08310 )
08311 || ( ( RSBAC_MAJOR(rsbac_delayed_root)
08312 || RSBAC_MINOR(rsbac_delayed_root)
08313 )
08314 && ( (MAJOR(sb_p->s_dev) == RSBAC_MAJOR(rsbac_delayed_root))
08315 && ( !RSBAC_MINOR(rsbac_delayed_root)
08316 || (MINOR(sb_p->s_dev) == RSBAC_MINOR(rsbac_delayed_root))
08317 )
08318 )
08319 )
08320 )
08321 )
08322 {
08323 if(RSBAC_MAJOR(rsbac_delayed_root) || RSBAC_MINOR(rsbac_delayed_root))
08324 {
08325 rsbac_printk(KERN_INFO
08326 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u, matching %02u:%02u!\n",
08327 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev),
08328 RSBAC_MAJOR(rsbac_delayed_root), RSBAC_MINOR(rsbac_delayed_root));
08329 }
08330 else
08331 {
08332 rsbac_printk(KERN_INFO
08333 "rsbac_mount(): forcing delayed RSBAC init on DEV %02u:%02u!\n",
08334 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08335 }
08336 rsbac_init(sb_p->s_dev);
08337 return 0;
08338 }
08339 #endif
08340
08341 rsbac_printk(KERN_WARNING
08342 "rsbac_mount(): RSBAC not initialized while mounting DEV %02u:%02u, delaying\n",
08343 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08344
08345 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08346 if( (sb_p->s_magic == SYSFS_MAGIC)
08347 && !RSBAC_MAJOR(sb_p->s_dev)
08348 )
08349 {
08350 rsbac_printk(KERN_WARNING
08351 "rsbac_mount(): sysfs mount detected, keeping values for later use\n");
08352 sysfs_sb_p = sb_p;
08353 sysfs_covered_p = d_covers;
08354 }
08355 #endif
08356 #ifdef CONFIG_DEVFS_MOUNT
08357 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08358 && !RSBAC_MAJOR(sb_p->s_dev)
08359 )
08360 {
08361 rsbac_printk(KERN_WARNING
08362 "rsbac_mount(): devfs mount detected, keeping values for later use\n");
08363 devfs_sb_p = sb_p;
08364 devfs_covered_p = d_covers;
08365 }
08366 #endif
08367 return(-RSBAC_ENOTINITIALIZED);
08368 }
08369 #ifdef CONFIG_RSBAC_DEBUG
08370 if (rsbac_debug_ds)
08371 {
08372 rsbac_printk(KERN_DEBUG "rsbac_mount(): mounting device %02u:%02u\n",
08373 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08374 }
08375 if(rsbac_debug_stack)
08376 {
08377 unsigned long * n = (unsigned long *) (current+1);
08378
08379 while (!*n)
08380 n++;
08381 rsbac_printk(KERN_DEBUG "rsbac_mount: free stack: %lu\n",
08382 (unsigned long) n - (unsigned long)(current+1));
08383 }
08384 #endif
08385 down(&rsbac_write_sem);
08386 old_no_write = rsbac_debug_no_write;
08387 rsbac_debug_no_write = TRUE;
08388 up(&rsbac_write_sem);
08389
08390 rsbac_read_lock(&device_list_head.lock, &flags);
08391 device_p = lookup_device(sb_p->s_dev);
08392
08393 if(device_p)
08394 {
08395 rsbac_printk(KERN_INFO "rsbac_mount: repeated mount %u of device %02u:%02u\n",
08396 device_p->mount_count, MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08397 device_p->mount_count++;
08398 if( d_covers
08399 && !device_p->d_covers
08400 && (MAJOR(sb_p->s_dev) != MAJOR(rsbac_root_dev))
08401 && (MINOR(sb_p->s_dev) != MINOR(rsbac_root_dev))
08402 )
08403 {
08404 rsbac_printk(KERN_WARNING "rsbac_mount: replacing NULL d_covers with new value %p as inheritance parent\n",
08405 d_covers);
08406 device_p->d_covers = d_covers;
08407 }
08408 rsbac_read_unlock(&device_list_head.lock, &flags);
08409 }
08410 else
08411 {
08412 rsbac_read_unlock(&device_list_head.lock, &flags);
08413
08414 new_device_p = create_device_item(sb_p, d_covers);
08415 #ifdef CONFIG_RSBAC_DEBUG
08416 if(rsbac_debug_stack)
08417 {
08418 unsigned long * n = (unsigned long *) (current+1);
08419
08420 while (!*n)
08421 n++;
08422 rsbac_printk(KERN_DEBUG "rsbac_mount: after creating device item: free stack: %lu\n",
08423 (unsigned long) n - (unsigned long)(current+1));
08424 }
08425 #endif
08426 if(!new_device_p)
08427 {
08428 rsbac_debug_no_write = old_no_write;
08429 return -RSBAC_ECOULDNOTADDDEVICE;
08430 }
08431
08432 rsbac_read_lock(&device_list_head.lock, &flags);
08433
08434 device_p = lookup_device(sb_p->s_dev);
08435 if(device_p)
08436 {
08437 rsbac_printk(KERN_WARNING
08438 "rsbac_mount(): mount race for device %02u:%02u detected!\n",
08439 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08440 device_p->mount_count++;
08441 rsbac_read_unlock(&device_list_head.lock, &flags);
08442 clear_device_item(new_device_p);
08443 }
08444 else
08445 {
08446 rsbac_read_unlock(&device_list_head.lock, &flags);
08447 rsbac_write_lock(&device_list_head.lock, &flags);
08448 device_p = add_device_item(new_device_p);
08449 rsbac_write_unlock(&device_list_head.lock, &flags);
08450 if(!device_p)
08451 {
08452 rsbac_printk(KERN_WARNING "rsbac_mount: adding device %02u:%02u failed!\n",
08453 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08454 clear_device_item(new_device_p);
08455 rsbac_debug_no_write = old_no_write;
08456 return -RSBAC_ECOULDNOTADDDEVICE;
08457 }
08458 }
08459
08460
08461 rsbac_list_mount(sb_p->s_dev);
08462
08463
08464 if((err = register_fd_lists(new_device_p, sb_p->s_dev)))
08465 {
08466 char * tmp;
08467
08468 tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
08469 if(tmp)
08470 {
08471 rsbac_printk(KERN_WARNING
08472 "rsbac_mount(): File/Dir ACI registration failed for dev %02u:%02u, err %s!\n",
08473 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev), get_error_name(tmp,err));
08474 rsbac_kfree(tmp);
08475 }
08476 }
08477 #ifdef CONFIG_RSBAC_DEBUG
08478 if(rsbac_debug_stack)
08479 {
08480 unsigned long * n = (unsigned long *) (current+1);
08481
08482 while (!*n)
08483 n++;
08484 rsbac_printk(KERN_DEBUG "rsbac_mount: after registering fd lists: free stack: %lu\n",
08485 (unsigned long) n - (unsigned long)(current+1));
08486 }
08487 #endif
08488 }
08489
08490
08491
08492 #if defined(CONFIG_RSBAC_MAC)
08493 rsbac_mount_mac(sb_p->s_dev);
08494 #ifdef CONFIG_RSBAC_DEBUG
08495 if(rsbac_debug_stack)
08496 {
08497 unsigned long * n = (unsigned long *) (current+1);
08498
08499 while (!*n)
08500 n++;
08501 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_mac: free stack: %lu\n",
08502 (unsigned long) n - (unsigned long)(current+1));
08503 }
08504 #endif
08505 #endif
08506
08507 #if defined(CONFIG_RSBAC_AUTH)
08508 rsbac_mount_auth(sb_p->s_dev);
08509 #ifdef CONFIG_RSBAC_DEBUG
08510 if(rsbac_debug_stack)
08511 {
08512 unsigned long * n = (unsigned long *) (current+1);
08513
08514 while (!*n)
08515 n++;
08516 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_auth: free stack: %lu\n",
08517 (unsigned long) n - (unsigned long)(current+1));
08518 }
08519 #endif
08520 #endif
08521
08522 #if defined(CONFIG_RSBAC_ACL)
08523 rsbac_mount_acl(sb_p->s_dev);
08524 #ifdef CONFIG_RSBAC_DEBUG
08525 if(rsbac_debug_stack)
08526 {
08527 unsigned long * n = (unsigned long *) (current+1);
08528
08529 while (!*n)
08530 n++;
08531 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_acl: free stack: %lu\n",
08532 (unsigned long) n - (unsigned long)(current+1));
08533 }
08534 #endif
08535 #endif
08536
08537 #if defined(CONFIG_RSBAC_REG)
08538 rsbac_mount_reg(sb_p->s_dev);
08539 #ifdef CONFIG_RSBAC_DEBUG
08540 if(rsbac_debug_stack)
08541 {
08542 unsigned long * n = (unsigned long *) (current+1);
08543
08544 while (!*n)
08545 n++;
08546 rsbac_printk(KERN_DEBUG "rsbac_mount: after mount_reg: free stack: %lu\n",
08547 (unsigned long) n - (unsigned long)(current+1));
08548 }
08549 #endif
08550 #endif
08551
08552 rsbac_debug_no_write = old_no_write;
08553 return(err);
08554 }
08555
08556
08557
08558
08559 int rsbac_umount(struct super_block * sb_p, struct dentry * d_covers)
08560 {
08561 u_long flags;
08562 struct rsbac_device_list_item_t * device_p;
08563 kdev_t kdev;
08564
08565 if(!sb_p)
08566 {
08567 rsbac_printk(KERN_WARNING
08568 "rsbac_umount(): called with NULL pointer\n");
08569 return -RSBAC_EINVALIDPOINTER;
08570 }
08571 if (!rsbac_initialized)
08572 {
08573 rsbac_printk(KERN_WARNING "rsbac_umount(): RSBAC not initialized\n");
08574
08575 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
08576 if( (sb_p->s_magic == SYSFS_MAGIC)
08577 && !RSBAC_MAJOR(sb_p->s_dev)
08578 && sysfs_sb_p
08579 && sysfs_covered_p
08580 )
08581 {
08582 rsbac_printk(KERN_WARNING
08583 "rsbac_umount(): sysfs umount detected, removing auto-mount values\n");
08584 sysfs_sb_p = NULL;
08585 sysfs_covered_p = NULL;
08586 }
08587 #endif
08588 #ifdef CONFIG_DEVFS_MOUNT
08589 if( (sb_p->s_magic == DEVFS_SUPER_MAGIC)
08590 && !RSBAC_MAJOR(sb_p->s_dev)
08591 && devfs_sb_p
08592 && devfs_covered_p
08593 )
08594 {
08595 rsbac_printk(KERN_WARNING
08596 "rsbac_umount(): devfs umount detected, removing auto-mount values\n");
08597 devfs_sb_p = NULL;
08598 devfs_covered_p = NULL;
08599 }
08600 #endif
08601
08602 return(-RSBAC_ENOTINITIALIZED);
08603 }
08604
08605 #ifdef CONFIG_RSBAC_DEBUG
08606 if (rsbac_debug_ds)
08607 {
08608 rsbac_printk(KERN_DEBUG "rsbac_umount(): umounting device %02u:%02u\n",
08609 MAJOR(sb_p->s_dev), MINOR(sb_p->s_dev));
08610 }
08611 #endif
08612
08613 kdev = sb_p->s_dev;
08614
08615
08616 #if defined(CONFIG_RSBAC_AUTO_WRITE)
08617 if(!rsbac_debug_no_write)
08618 {
08619 down(&rsbac_write_sem);
08620
08621 if(!rsbac_debug_no_write)
08622 {
08623 rsbac_write(TRUE);
08624 }
08625 up(&rsbac_write_sem);
08626 }
08627 #endif
08628
08629
08630 #if defined(CONFIG_RSBAC_MAC)
08631 rsbac_umount_mac(kdev);
08632 #endif
08633
08634 #if defined(CONFIG_RSBAC_AUTH)
08635 rsbac_umount_auth(kdev);
08636 #endif
08637
08638 #if defined(CONFIG_RSBAC_ACL)
08639 rsbac_umount_acl(kdev);
08640 #endif
08641
08642 #if defined(CONFIG_RSBAC_REG)
08643 rsbac_umount_reg(kdev);
08644 #endif
08645
08646
08647 rsbac_write_lock(&device_list_head.lock, &flags);
08648
08649 device_p = lookup_device(kdev);
08650 if(device_p)
08651 {
08652 if(device_p->mount_count == 1)
08653 {
08654
08655 rsbac_list_umount(kdev);
08656 remove_device_item(kdev);
08657 }
08658 else
08659 {
08660 if(device_p->mount_count > 1)
08661 {
08662 device_p->mount_count--;
08663 if(device_p->d_covers == d_covers)
08664 {
08665 rsbac_printk(KERN_WARNING "rsbac_umount: removed primary mount for device %02u:%02u, inheritance broken!\n",
08666 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08667 device_p->d_covers = NULL;
08668 }
08669 }
08670 else
08671 {
08672 rsbac_printk(KERN_WARNING "rsbac_umount: device %02u:%02u has mount_count < 1!\n",
08673 RSBAC_MAJOR(kdev), RSBAC_MINOR(kdev));
08674 }
08675 }
08676 }
08677
08678 rsbac_write_unlock(&device_list_head.lock, &flags);
08679
08680 return(0);
08681 }
08682
08683
08684
08685
08686 int rsbac_free_dat_dentries(void)
08687 {
08688 u_long flags;
08689 struct rsbac_device_list_item_t * device_p;
08690
08691 if (!rsbac_initialized)
08692 {
08693 rsbac_printk(KERN_WARNING "rsbac_free_dat_dentry(): RSBAC not initialized\n");
08694 return(-RSBAC_ENOTINITIALIZED);
08695 }
08696
08697 rsbac_printk(KERN_INFO "rsbac_free_dat_dentry(): freeing dat dir dentries\n");
08698
08699
08700 rsbac_write_lock_irq(&device_list_head.lock, &flags);
08701
08702 device_p = device_list_head.head;
08703 while(device_p)
08704 {
08705 if(device_p->rsbac_dir_dentry_p)
08706 {
08707 dput(device_p->rsbac_dir_dentry_p);
08708 device_p->rsbac_dir_dentry_p = NULL;
08709 }
08710 device_p = device_p->next;
08711 }
08712
08713 rsbac_write_unlock_irq(&device_list_head.lock, &flags);
08714
08715 return(0);
08716 }
08717
08718
08719
08720
08721 int rsbac_stats(void)
08722 {
08723 struct rsbac_device_list_item_t * device_p;
08724 int i;
08725 u_long fd_count = 0, fd_sum = 0;
08726 u_long dev_sum = 0;
08727 u_long ipc_sum = 0;
08728 u_long user_sum = 0;
08729 u_long process_sum = 0;
08730 #if defined(CONFIG_RSBAC_UM)
08731 u_long group_sum = 0;
08732 #endif
08733 #if defined(CONFIG_RSBAC_NET_OBJ)
08734 u_long nettemp_sum = 0;
08735 u_long lnetobj_sum = 0;
08736 u_long rnetobj_sum = 0;
08737 #endif
08738 u_long total_sum = 0;
08739 long tmp_count;
08740 u_long dflags;
08741
08742 if (!rsbac_initialized)
08743 {
08744 rsbac_printk(KERN_WARNING "rsbac_stats(): RSBAC not initialized\n");
08745 return(-RSBAC_ENOTINITIALIZED);
08746 }
08747
08748 rsbac_read_lock(&device_list_head.lock, &dflags);
08749
08750
08751
08752 device_p = device_list_head.head;
08753 while (device_p)
08754 {
08755 fd_count = 0;
08756 for (i=0; i < RSBAC_GEN_NR_FD_LISTS; i++)
08757 {
08758 tmp_count = rsbac_list_count(device_p->handles.gen[i]);
08759 if(tmp_count > 0)
08760 fd_count+=tmp_count;
08761 }
08762 rsbac_printk(KERN_INFO "Device %02u:%02u fd_items: %lu GEN",
08763 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count);
08764 fd_sum += fd_count;
08765
08766 #if defined(CONFIG_RSBAC_MAC)
08767 fd_count = 0;
08768 for (i=0; i < RSBAC_MAC_NR_FD_LISTS; i++)
08769 {
08770 tmp_count = rsbac_list_count(device_p->handles.mac[i]);
08771 if(tmp_count > 0)
08772 fd_count+=tmp_count;
08773 }
08774 rsbac_printk(", %lu MAC",
08775 fd_count);
08776 fd_sum += fd_count;
08777 #endif
08778
08779 #if defined(CONFIG_RSBAC_PM)
08780 fd_count = 0;
08781 for (i=0; i < RSBAC_PM_NR_FD_LISTS; i++)
08782 {
08783 tmp_count = rsbac_list_count(device_p->handles.pm[i]);
08784 if(tmp_count > 0)
08785 fd_count+=tmp_count;
08786 }
08787 rsbac_printk(", %lu PM",
08788 fd_count);
08789 fd_sum += fd_count;
08790 #endif
08791
08792 #if defined(CONFIG_RSBAC_DAZ)
08793 fd_count = 0;
08794 for (i=0; i < RSBAC_DAZ_NR_FD_LISTS; i++)
08795 {
08796 tmp_count = rsbac_list_count(device_p->handles.daz[i]);
08797 if(tmp_count > 0)
08798 fd_count+=tmp_count;
08799 }
08800 rsbac_printk(", %lu DAZ",
08801 fd_count);
08802 fd_sum += fd_count;
08803 #if defined(CONFIG_RSBAC_DAZ_CACHE)
08804 fd_count = 0;
08805 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
08806 {
08807 tmp_count = rsbac_list_count(device_p->handles.dazs[i]);
08808 if(tmp_count > 0)
08809 fd_count+=tmp_count;
08810 }
08811 rsbac_printk(", %lu DAZ_SCANNED",
08812 fd_count);
08813 fd_sum += fd_count;
08814 #endif
08815 #endif
08816
08817 #if defined(CONFIG_RSBAC_FF)
08818 fd_count = 0;
08819 for (i=0; i < RSBAC_FF_NR_FD_LISTS; i++)
08820 {
08821 tmp_count = rsbac_list_count(device_p->handles.ff[i]);
08822 if(tmp_count > 0)
08823 fd_count+=tmp_count;
08824 }
08825 rsbac_printk(", %lu FF",
08826 fd_count);
08827 fd_sum += fd_count;
08828 #endif
08829
08830 #if defined(CONFIG_RSBAC_RC)
08831 fd_count = 0;
08832 for (i=0; i < RSBAC_RC_NR_FD_LISTS; i++)
08833 {
08834 tmp_count = rsbac_list_count(device_p->handles.rc[i]);
08835 if(tmp_count > 0)
08836 fd_count+=tmp_count;
08837 }
08838 rsbac_printk(", %lu RC",
08839 fd_count);
08840 fd_sum += fd_count;
08841 #endif
08842
08843 #if defined(CONFIG_RSBAC_AUTH)
08844 fd_count = 0;
08845 for (i=0; i < RSBAC_AUTH_NR_FD_LISTS; i++)
08846 {
08847 tmp_count = rsbac_list_count(device_p->handles.auth[i]);
08848 if(tmp_count > 0)
08849 fd_count+=tmp_count;
08850 }
08851 rsbac_printk(", %lu AUTH",
08852 fd_count);
08853 fd_sum += fd_count;
08854 #endif
08855
08856 #if defined(CONFIG_RSBAC_CAP)
08857 fd_count = 0;
08858 for (i=0; i < RSBAC_CAP_NR_FD_LISTS; i++)
08859 {
08860 tmp_count = rsbac_list_count(device_p->handles.cap[i]);
08861 if(tmp_count > 0)
08862 fd_count+=tmp_count;
08863 }
08864 rsbac_printk(", %lu CAP",
08865 fd_count);
08866 fd_sum += fd_count;
08867 #endif
08868 #if defined(CONFIG_RSBAC_RES)
08869 fd_count = 0;
08870 for (i=0; i < RSBAC_RES_NR_FD_LISTS; i++)
08871 {
08872 tmp_count = rsbac_list_count(device_p->handles.res[i]);
08873 if(tmp_count > 0)
08874 fd_count+=tmp_count;
08875 }
08876 rsbac_printk(", %lu RES",
08877 fd_count);
08878 fd_sum += fd_count;
08879 #endif
08880 #if defined(CONFIG_RSBAC_PAX)
08881 fd_count = 0;
08882 for (i=0; i < RSBAC_PAX_NR_FD_LISTS; i++)
08883 {
08884 tmp_count = rsbac_list_count(device_p->handles.pax[i]);
08885 if(tmp_count > 0)
08886 fd_count+=tmp_count;
08887 }
08888 rsbac_printk(", %lu PAX",
08889 fd_count);
08890 fd_sum += fd_count;
08891 #endif
08892
08893 rsbac_printk("\n");
08894 device_p = device_p->next;
08895 }
08896 rsbac_printk(KERN_INFO "rsbac_stats(): Sum of %u Devices with %lu fd-items\n",
08897 device_list_head.count, fd_sum);
08898
08899 rsbac_read_unlock(&device_list_head.lock, &dflags);
08900 total_sum += fd_sum;
08901
08902
08903 tmp_count = rsbac_list_count(dev_handles.gen);
08904 rsbac_printk(KERN_INFO "DEV items: %lu GEN",
08905 tmp_count);
08906 dev_sum += tmp_count;
08907 #if defined(CONFIG_RSBAC_MAC)
08908 tmp_count = rsbac_list_count(dev_handles.mac);
08909 rsbac_printk(", %lu MAC",
08910 tmp_count);
08911 dev_sum += tmp_count;
08912 #endif
08913 #if defined(CONFIG_RSBAC_PM)
08914 tmp_count = rsbac_list_count(dev_handles.pm);
08915 rsbac_printk(", %lu PM",
08916 tmp_count);
08917 dev_sum += tmp_count;
08918 #endif
08919 #if defined(CONFIG_RSBAC_RC)
08920 tmp_count = rsbac_list_count(dev_major_handles.rc);
08921 rsbac_printk(", %lu major RC",
08922 tmp_count);
08923 dev_sum += tmp_count;
08924 tmp_count = rsbac_list_count(dev_handles.rc);
08925 rsbac_printk(", %lu RC",
08926 tmp_count);
08927 dev_sum += tmp_count;
08928 #endif
08929 rsbac_printk("\n");
08930 rsbac_printk(KERN_INFO "Sum of %lu DEV items\n",
08931 dev_sum);
08932 total_sum += dev_sum;
08933
08934
08935 rsbac_printk(KERN_INFO "IPC items: no GEN");
08936 #if defined(CONFIG_RSBAC_MAC)
08937 tmp_count = rsbac_list_count(ipc_handles.mac);
08938 rsbac_printk(", %lu MAC",
08939 tmp_count);
08940 ipc_sum += tmp_count;
08941 #endif
08942 #if defined(CONFIG_RSBAC_PM)
08943 tmp_count = rsbac_list_count(ipc_handles.pm);
08944 rsbac_printk(", %lu PM",
08945 tmp_count);
08946 ipc_sum += tmp_count;
08947 #endif
08948 #if defined(CONFIG_RSBAC_RC)
08949 tmp_count = rsbac_list_count(ipc_handles.rc);
08950 rsbac_printk(", %lu RC",
08951 tmp_count);
08952 ipc_sum += tmp_count;
08953 #endif
08954 #if defined(CONFIG_RSBAC_JAIL)
08955 tmp_count = rsbac_list_count(ipc_handles.jail);
08956 rsbac_printk(", %lu JAIL",
08957 tmp_count);
08958 ipc_sum += tmp_count;
08959 #endif
08960 rsbac_printk("\n");
08961 rsbac_printk(KERN_INFO "Sum of %lu IPC items\n",
08962 ipc_sum);
08963 total_sum += ipc_sum;
08964
08965
08966 tmp_count = rsbac_list_count(user_handles.gen);
08967 rsbac_printk(KERN_INFO "USER items: %lu GEN",
08968 tmp_count);
08969 user_sum += tmp_count;
08970 #if defined(CONFIG_RSBAC_MAC)
08971 tmp_count = rsbac_list_count(user_handles.mac);
08972 rsbac_printk(", %lu MAC",
08973 tmp_count);
08974 user_sum += tmp_count;
08975 #endif
08976 #if defined(CONFIG_RSBAC_PM)
08977 tmp_count = rsbac_list_count(user_handles.pm);
08978 rsbac_printk(", %lu PM",
08979 tmp_count);
08980 user_sum += tmp_count;
08981 #endif
08982 #if defined(CONFIG_RSBAC_DAZ)
08983 tmp_count = rsbac_list_count(user_handles.daz);
08984 rsbac_printk(", %lu DAZ",
08985 tmp_count);
08986 user_sum += tmp_count;
08987 #endif
08988 #if defined(CONFIG_RSBAC_RC)
08989 tmp_count = rsbac_list_count(user_handles.rc);
08990 rsbac_printk(", %lu RC",
08991 tmp_count);
08992 user_sum += tmp_count;
08993 #endif
08994 #if defined(CONFIG_RSBAC_AUTH)
08995 tmp_count = rsbac_list_count(user_handles.auth);
08996 rsbac_printk(", %lu AUTH",
08997 tmp_count);
08998 user_sum += tmp_count;
08999 #endif
09000 #if defined(CONFIG_RSBAC_CAP)
09001 tmp_count = rsbac_list_count(user_handles.cap);
09002 rsbac_printk(", %lu CAP",
09003 tmp_count);
09004 user_sum += tmp_count;
09005 #endif
09006 #if defined(CONFIG_RSBAC_JAIL)
09007 tmp_count = rsbac_list_count(user_handles.jail);
09008 rsbac_printk(", %lu JAIL",
09009 tmp_count);
09010 user_sum += tmp_count;
09011 #endif
09012 #if defined(CONFIG_RSBAC_RES)
09013 tmp_count = rsbac_list_count(user_handles.res);
09014 rsbac_printk(", %lu RES",
09015 tmp_count);
09016 user_sum += tmp_count;
09017 #endif
09018 #if defined(CONFIG_RSBAC_PAX)
09019 tmp_count = rsbac_list_count(user_handles.pax);
09020 rsbac_printk(", %lu PAX",
09021 tmp_count);
09022 user_sum += tmp_count;
09023 #endif
09024 rsbac_printk("\n");
09025 rsbac_printk(KERN_INFO "Sum of %lu USER items\n",
09026 user_sum);
09027 total_sum += user_sum;
09028
09029
09030 tmp_count = 0;
09031 for(i=0; i<CONFIG_RSBAC_GEN_NR_P_LISTS; i++)
09032 tmp_count += rsbac_list_count(process_handles.gen[i]);
09033 rsbac_printk(KERN_INFO "PROCESS items: %lu GEN",
09034 tmp_count);
09035 process_sum += tmp_count;
09036 #if defined(CONFIG_RSBAC_MAC)
09037 tmp_count = 0;
09038 for(i=0; i<CONFIG_RSBAC_MAC_NR_P_LISTS; i++)
09039 tmp_count += rsbac_list_count(process_handles.mac[i]);
09040 rsbac_printk(", %lu MAC",
09041 tmp_count);
09042 process_sum += tmp_count;
09043 #endif
09044 #if defined(CONFIG_RSBAC_PM)
09045 tmp_count = rsbac_list_count(process_handles.pm);
09046 rsbac_printk(", %lu PM",
09047 tmp_count);
09048 process_sum += tmp_count;
09049 #endif
09050 #if defined(CONFIG_RSBAC_DAZ)
09051 tmp_count = rsbac_list_count(process_handles.daz);
09052 rsbac_printk(", %lu DAZ",
09053 tmp_count);
09054 process_sum += tmp_count;
09055 #endif
09056 #if defined(CONFIG_RSBAC_RC)
09057 tmp_count = 0;
09058 for(i=0; i<CONFIG_RSBAC_RC_NR_P_LISTS; i++)
09059 tmp_count += rsbac_list_count(process_handles.rc[i]);
09060 rsbac_printk(", %lu RC",
09061 tmp_count);
09062 process_sum += tmp_count;
09063 #endif
09064 #if defined(CONFIG_RSBAC_AUTH)
09065 tmp_count = rsbac_list_count(process_handles.auth);
09066 rsbac_printk(", %lu AUTH",
09067 tmp_count);
09068 process_sum += tmp_count;
09069 #endif
09070 #if defined(CONFIG_RSBAC_CAP)
09071 tmp_count = rsbac_list_count(process_handles.cap);
09072 rsbac_printk(", %lu CAP",
09073 tmp_count);
09074 process_sum += tmp_count;
09075 #endif
09076 #if defined(CONFIG_RSBAC_JAIL)
09077 tmp_count = 0;
09078 for(i=0; i<CONFIG_RSBAC_JAIL_NR_P_LISTS; i++)
09079 tmp_count += rsbac_list_count(process_handles.jail[i]);
09080 rsbac_printk(", %lu JAIL",
09081 tmp_count);
09082 process_sum += tmp_count;
09083 #endif
09084 rsbac_printk("\n");
09085 rsbac_printk(KERN_INFO "Sum of %lu PROCESS items\n",
09086 process_sum);
09087 total_sum += process_sum;
09088
09089 #if defined(CONFIG_RSBAC_UM)
09090
09091 rsbac_printk(KERN_INFO "GROUP items: ");
09092 #if defined(CONFIG_RSBAC_RC_UM_PROT)
09093 tmp_count = rsbac_list_count(group_handles.rc);
09094 rsbac_printk("%lu RC",
09095 tmp_count);
09096 user_sum += tmp_count;
09097 #endif
09098 rsbac_printk("\n");
09099 rsbac_printk(KERN_INFO "Sum of %lu GROUP items\n",
09100 group_sum);
09101 total_sum += group_sum;
09102 #endif
09103
09104 #if defined(CONFIG_RSBAC_NET_OBJ)
09105
09106 rsbac_printk(KERN_INFO "NETTEMP items: ");
09107 #if defined(CONFIG_RSBAC_MAC)
09108 tmp_count = rsbac_list_count(nettemp_handles.mac);
09109 rsbac_printk("%lu MAC, ",
09110 tmp_count);
09111 nettemp_sum += tmp_count;
09112 #endif
09113 #if defined(CONFIG_RSBAC_PM)
09114 tmp_count = rsbac_list_count(nettemp_handles.pm);
09115 rsbac_printk("%lu PM, ",
09116 tmp_count);
09117 nettemp_sum += tmp_count;
09118 #endif
09119 #if defined(CONFIG_RSBAC_RC)
09120 tmp_count = rsbac_list_count(nettemp_handles.rc);
09121 rsbac_printk("%lu RC, ",
09122 tmp_count);
09123 nettemp_sum += tmp_count;
09124 #endif
09125 rsbac_printk("\n");
09126 rsbac_printk(KERN_INFO "Sum of %lu NETTEMP items\n",
09127 nettemp_sum);
09128 total_sum += nettemp_sum;
09129
09130
09131 rsbac_printk(KERN_INFO "Local NETOBJ items:");
09132 #if defined(CONFIG_RSBAC_MAC)
09133 tmp_count = rsbac_list_count(lnetobj_handles.mac);
09134 rsbac_printk(" %lu MAC,",
09135 tmp_count);
09136 lnetobj_sum += tmp_count;
09137 #endif
09138 #if defined(CONFIG_RSBAC_PM)
09139 tmp_count = rsbac_list_count(lnetobj_handles.pm);
09140 rsbac_printk(" %lu PM,",
09141 tmp_count);
09142 lnetobj_sum += tmp_count;
09143 #endif
09144 #if defined(CONFIG_RSBAC_RC)
09145 tmp_count = rsbac_list_count(lnetobj_handles.rc);
09146 rsbac_printk(" %lu RC",
09147 tmp_count);
09148 lnetobj_sum += tmp_count;
09149 #endif
09150 rsbac_printk("\n");
09151 rsbac_printk(KERN_INFO "Sum of %lu Local NETOBJ items\n",
09152 lnetobj_sum);
09153 total_sum += lnetobj_sum;
09154
09155
09156 rsbac_printk(KERN_INFO "Remote NETOBJ items:");
09157 #if defined(CONFIG_RSBAC_MAC)
09158 tmp_count = rsbac_list_count(rnetobj_handles.mac);
09159 rsbac_printk(" %lu MAC,",
09160 tmp_count);
09161 rnetobj_sum += tmp_count;
09162 #endif
09163 #if defined(CONFIG_RSBAC_PM)
09164 tmp_count = rsbac_list_count(rnetobj_handles.pm);
09165 rsbac_printk(" %lu PM,",
09166 tmp_count);
09167 rnetobj_sum += tmp_count;
09168 #endif
09169 #if defined(CONFIG_RSBAC_RC)
09170 tmp_count = rsbac_list_count(rnetobj_handles.rc);
09171 rsbac_printk(" %lu RC",
09172 tmp_count);
09173 rnetobj_sum += tmp_count;
09174 #endif
09175 rsbac_printk("\n");
09176 rsbac_printk(KERN_INFO "Sum of %lu Remote NETOBJ items\n",
09177 rnetobj_sum);
09178 total_sum += rnetobj_sum;
09179 #endif
09180
09181 rsbac_printk(KERN_INFO
09182 "Total of %lu registered rsbac-items\n",
09183 total_sum);
09184
09185 rsbac_printk(KERN_INFO
09186 "adf_request calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09187 rsbac_adf_request_count[T_FILE],
09188 rsbac_adf_request_count[T_DIR],
09189 rsbac_adf_request_count[T_FIFO],
09190 rsbac_adf_request_count[T_SYMLINK],
09191 rsbac_adf_request_count[T_DEV],
09192 rsbac_adf_request_count[T_IPC],
09193 rsbac_adf_request_count[T_SCD],
09194 rsbac_adf_request_count[T_USER],
09195 rsbac_adf_request_count[T_PROCESS],
09196 rsbac_adf_request_count[T_NETDEV],
09197 rsbac_adf_request_count[T_NETTEMP],
09198 rsbac_adf_request_count[T_NETOBJ]);
09199 rsbac_printk(KERN_INFO
09200 "adf_set_attr calls: file: %lu, dir: %lu, fifo: %lu, symlink: %lu, dev: %lu, ipc: %lu, scd: %lu, user: %lu, process: %lu, netdev: %lu, nettemp: %lu, netobj: %lu\n",
09201 rsbac_adf_set_attr_count[T_FILE],
09202 rsbac_adf_set_attr_count[T_DIR],
09203 rsbac_adf_set_attr_count[T_FIFO],
09204 rsbac_adf_set_attr_count[T_SYMLINK],
09205 rsbac_adf_set_attr_count[T_DEV],
09206 rsbac_adf_set_attr_count[T_IPC],
09207 rsbac_adf_set_attr_count[T_SCD],
09208 rsbac_adf_set_attr_count[T_USER],
09209 rsbac_adf_set_attr_count[T_PROCESS],
09210 rsbac_adf_set_attr_count[T_NETDEV],
09211 rsbac_adf_set_attr_count[T_NETTEMP],
09212 rsbac_adf_set_attr_count[T_NETOBJ]);
09213
09214 #if defined(CONFIG_RSBAC_PM)
09215 rsbac_stats_pm();
09216 #endif
09217 #if defined(CONFIG_RSBAC_RC)
09218 rsbac_stats_rc();
09219 #endif
09220 #if defined(CONFIG_RSBAC_AUTH)
09221 rsbac_stats_auth();
09222 #endif
09223 #if defined(CONFIG_RSBAC_ACL)
09224 rsbac_stats_acl();
09225 #endif
09226 return(0);
09227 }
09228
09229
09230
09231 int rsbac_check_inode(struct super_block * sb_p, rsbac_inode_nr_t inode)
09232 {
09233 struct inode * inode_p;
09234 int err = 0;
09235
09236 if(!sb_p)
09237 return -RSBAC_EINVALIDPOINTER;
09238 if(!inode)
09239 return -RSBAC_EINVALIDVALUE;
09240 if(!MAJOR(sb_p->s_dev))
09241 return 0;
09242
09243 if(sb_p->s_magic != EXT2_SUPER_MAGIC)
09244 return 0;
09245
09246 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09247 if(sb_p->s_op && sb_p->s_op->read_inode2)
09248 return 0;
09249 #endif
09250 inode_p = iget(sb_p, inode);
09251 if(is_bad_inode(inode_p))
09252 {
09253 return -RSBAC_ENOTFOUND;
09254 }
09255 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09256
09257 if(sb_p->s_magic == EXT2_SUPER_MAGIC)
09258 {
09259 if(inode_p->u.ext2_i.i_dtime)
09260 {
09261 err = -RSBAC_ENOTFOUND;
09262 }
09263 else
09264 {
09265 if(inode_p->i_nlink <= 0)
09266 {
09267 rsbac_printk(KERN_WARNING
09268 "rsbac_check_inode(): inode %u with nlink <= 0 on device %02u:%02u detected!\n",
09269 inode, RSBAC_MAJOR(sb_p->s_dev), RSBAC_MINOR(sb_p->s_dev));
09270 err = -RSBAC_ENOTFOUND;
09271 }
09272 }
09273 }
09274 #endif
09275 iput(inode_p);
09276 return err;
09277 }
09278
09279
09280
09281
09282
09283 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
09284 int rsbac_check(int correct, int check_inode)
09285 {
09286 struct rsbac_device_list_item_t * device_p;
09287 int i;
09288 char * tmp = rsbac_kmalloc(RSBAC_MAXNAMELEN);
09289 int list_no;
09290 long desc_count;
09291 u_long fd_count = 0, fd_sum = 0, tmp_count,
09292 b_count, def_count;
09293 u_long dflags;
09294 rsbac_inode_nr_t * fd_desc_p;
09295
09296 if (!rsbac_initialized)
09297 {
09298 rsbac_printk(KERN_WARNING "rsbac_check(): RSBAC not initialized\n");
09299 return(-RSBAC_ENOTINITIALIZED);
09300 }
09301 if (!tmp)
09302 {
09303 return(-RSBAC_ENOMEM);
09304 }
09305 {
09306
09307 rsbac_read_lock(&device_list_head.lock, &dflags);
09308
09309 device_p = device_list_head.head;
09310 while (device_p)
09311 {
09312 fd_count = 0;
09313 b_count = 0;
09314 def_count = 0;
09315 if(check_inode)
09316 {
09317 if(!device_p->sb_p)
09318 {
09319 rsbac_printk(KERN_WARNING "rsbac_check(): no super block for device %02u:%02u!\n",
09320 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id));
09321 }
09322 }
09323
09324
09325 for(list_no = 0; list_no < RSBAC_GEN_NR_FD_LISTS; list_no++)
09326 {
09327
09328
09329 tmp_count = 0;
09330 desc_count = rsbac_list_get_all_desc(device_p->handles.gen[list_no], (void **) &fd_desc_p);
09331 if(desc_count > 0)
09332 {
09333 for(i=0; i<desc_count; i++)
09334 {
09335
09336 if(check_inode && device_p->sb_p)
09337 {
09338 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]) == -RSBAC_ENOTFOUND)
09339 {
09340 b_count++;
09341 if(correct)
09342 {
09343 rsbac_printk(KERN_INFO
09344 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09345 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09346 rsbac_list_remove(device_p->handles.gen[list_no], &fd_desc_p[i]);
09347 continue;
09348 }
09349 else
09350 {
09351 rsbac_printk(KERN_INFO
09352 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09353 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09354 }
09355 }
09356 }
09357 }
09358
09359 tmp_count++;
09360 rsbac_vfree(fd_desc_p);
09361 fd_count += desc_count;
09362 }
09363 }
09364
09365 #if defined(CONFIG_RSBAC_MAC)
09366
09367 for(list_no = 0; list_no < RSBAC_MAC_NR_FD_LISTS; list_no++)
09368 {
09369
09370
09371 tmp_count = 0;
09372 desc_count = rsbac_list_get_all_desc(device_p->handles.mac[list_no], (void **) &fd_desc_p);
09373 if(desc_count > 0)
09374 {
09375 for(i=0; i<desc_count; i++)
09376 {
09377
09378 if(check_inode && device_p->sb_p)
09379 {
09380 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]) == -RSBAC_ENOTFOUND)
09381 {
09382 b_count++;
09383 if(correct)
09384 {
09385 rsbac_printk(KERN_INFO
09386 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09387 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09388 rsbac_list_remove(device_p->handles.mac[list_no], &fd_desc_p[i]);
09389 continue;
09390 }
09391 else
09392 {
09393 rsbac_printk(KERN_INFO
09394 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09395 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09396 }
09397 }
09398 }
09399 }
09400 tmp_count++;
09401 rsbac_vfree(fd_desc_p);
09402 fd_count += desc_count;
09403 }
09404 }
09405 #endif
09406
09407 #if defined(CONFIG_RSBAC_PM)
09408
09409 for(list_no = 0; list_no < RSBAC_PM_NR_FD_LISTS; list_no++)
09410 {
09411
09412
09413 tmp_count = 0;
09414 desc_count = rsbac_list_get_all_desc(device_p->handles.pm[list_no], (void **) &fd_desc_p);
09415 if(desc_count > 0)
09416 {
09417 for(i=0; i<desc_count; i++)
09418 {
09419
09420 if(check_inode && device_p->sb_p)
09421 {
09422 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09423 {
09424 b_count++;
09425 if(correct)
09426 {
09427 rsbac_printk(KERN_INFO
09428 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09429 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09430 rsbac_list_remove(device_p->handles.pm[list_no], &fd_desc_p[i]);
09431 continue;
09432 }
09433 else
09434 {
09435 rsbac_printk(KERN_INFO
09436 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09437 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09438 }
09439 }
09440 }
09441 }
09442 tmp_count++;
09443 rsbac_vfree(fd_desc_p);
09444 fd_count += desc_count;
09445 }
09446 }
09447 #endif
09448
09449 #if defined(CONFIG_RSBAC_DAZ)
09450
09451 for(list_no = 0; list_no < RSBAC_DAZ_NR_FD_LISTS; list_no++)
09452 {
09453
09454
09455 tmp_count = 0;
09456 desc_count = rsbac_list_get_all_desc(device_p->handles.daz[list_no], (void **) &fd_desc_p);
09457 if(desc_count > 0)
09458 {
09459 for(i=0; i<desc_count; i++)
09460 {
09461
09462 if(check_inode && device_p->sb_p)
09463 {
09464 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09465 {
09466 b_count++;
09467 if(correct)
09468 {
09469 rsbac_printk(KERN_INFO
09470 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09471 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09472 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
09473 continue;
09474 }
09475 else
09476 {
09477 rsbac_printk(KERN_INFO
09478 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09479 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09480 }
09481 }
09482 }
09483 }
09484 tmp_count++;
09485 rsbac_vfree(fd_desc_p);
09486 fd_count += desc_count;
09487 }
09488 }
09489 #if defined(CONFIG_RSBAC_DAZ_CACHE)
09490
09491 for(list_no = 0; list_no < RSBAC_DAZ_SCANNED_NR_FD_LISTS; list_no++)
09492 {
09493
09494
09495 tmp_count = 0;
09496 desc_count = rsbac_list_get_all_desc(device_p->handles.dazs[list_no], (void **) &fd_desc_p);
09497 if(desc_count > 0)
09498 {
09499 for(i=0; i<desc_count; i++)
09500 {
09501
09502 if(check_inode && device_p->sb_p)
09503 {
09504 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09505 {
09506 b_count++;
09507 if(correct)
09508 {
09509 rsbac_printk(KERN_INFO
09510 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09511 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09512 rsbac_list_remove(device_p->handles.daz[list_no], &fd_desc_p[i]);
09513 continue;
09514 }
09515 else
09516 {
09517 rsbac_printk(KERN_INFO
09518 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09519 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09520 }
09521 }
09522 }
09523 }
09524 tmp_count++;
09525 rsbac_vfree(fd_desc_p);
09526 fd_count += desc_count;
09527 }
09528 }
09529 #endif
09530 #endif
09531
09532 #if defined(CONFIG_RSBAC_FF)
09533
09534 for(list_no = 0; list_no < RSBAC_FF_NR_FD_LISTS; list_no++)
09535 {
09536
09537
09538 tmp_count = 0;
09539 desc_count = rsbac_list_get_all_desc(device_p->handles.ff[list_no], (void **) &fd_desc_p);
09540 if(desc_count > 0)
09541 {
09542 for(i=0; i<desc_count; i++)
09543 {
09544
09545 if(check_inode && device_p->sb_p)
09546 {
09547 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09548 {
09549 b_count++;
09550 if(correct)
09551 {
09552 rsbac_printk(KERN_INFO
09553 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09554 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09555 rsbac_list_remove(device_p->handles.ff[list_no], &fd_desc_p[i]);
09556 continue;
09557 }
09558 else
09559 {
09560 rsbac_printk(KERN_INFO
09561 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09562 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09563 }
09564 }
09565 }
09566 }
09567 tmp_count++;
09568 rsbac_vfree(fd_desc_p);
09569 fd_count += desc_count;
09570 }
09571 }
09572 #endif
09573
09574 #if defined(CONFIG_RSBAC_RC)
09575
09576 for(list_no = 0; list_no < RSBAC_RC_NR_FD_LISTS; list_no++)
09577 {
09578
09579
09580 tmp_count = 0;
09581 desc_count = rsbac_list_get_all_desc(device_p->handles.rc[list_no], (void **) &fd_desc_p);
09582 if(desc_count > 0)
09583 {
09584 for(i=0; i<desc_count; i++)
09585 {
09586
09587 if(check_inode && device_p->sb_p)
09588 {
09589 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09590 {
09591 b_count++;
09592 if(correct)
09593 {
09594 rsbac_printk(KERN_INFO
09595 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09596 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09597 rsbac_list_remove(device_p->handles.rc[list_no], &fd_desc_p[i]);
09598 continue;
09599 }
09600 else
09601 {
09602 rsbac_printk(KERN_INFO
09603 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09604 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09605 }
09606 }
09607 }
09608 }
09609 tmp_count++;
09610 rsbac_vfree(fd_desc_p);
09611 fd_count += desc_count;
09612 }
09613 }
09614 #endif
09615
09616 #if defined(CONFIG_RSBAC_AUTH)
09617
09618 for(list_no = 0; list_no < RSBAC_AUTH_NR_FD_LISTS; list_no++)
09619 {
09620
09621
09622 tmp_count = 0;
09623 desc_count = rsbac_list_get_all_desc(device_p->handles.auth[list_no], (void **) &fd_desc_p);
09624 if(desc_count > 0)
09625 {
09626 for(i=0; i<desc_count; i++)
09627 {
09628
09629 if(check_inode && device_p->sb_p)
09630 {
09631 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09632 {
09633 b_count++;
09634 if(correct)
09635 {
09636 rsbac_printk(KERN_INFO
09637 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09638 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09639 rsbac_list_remove(device_p->handles.auth[list_no], &fd_desc_p[i]);
09640 continue;
09641 }
09642 else
09643 {
09644 rsbac_printk(KERN_INFO
09645 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09646 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09647 }
09648 }
09649 }
09650 }
09651 tmp_count++;
09652 rsbac_vfree(fd_desc_p);
09653 fd_count += desc_count;
09654 }
09655 }
09656 #endif
09657
09658 #if defined(CONFIG_RSBAC_CAP)
09659
09660 for(list_no = 0; list_no < RSBAC_CAP_NR_FD_LISTS; list_no++)
09661 {
09662
09663
09664 tmp_count = 0;
09665 desc_count = rsbac_list_get_all_desc(device_p->handles.cap[list_no], (void **) &fd_desc_p);
09666 if(desc_count > 0)
09667 {
09668 for(i=0; i<desc_count; i++)
09669 {
09670
09671 if(check_inode && device_p->sb_p)
09672 {
09673 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09674 {
09675 b_count++;
09676 if(correct)
09677 {
09678 rsbac_printk(KERN_INFO
09679 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09680 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09681 rsbac_list_remove(device_p->handles.cap[list_no], &fd_desc_p[i]);
09682 continue;
09683 }
09684 else
09685 {
09686 rsbac_printk(KERN_INFO
09687 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09688 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09689 }
09690 }
09691 }
09692 }
09693 tmp_count++;
09694 rsbac_vfree(fd_desc_p);
09695 fd_count += desc_count;
09696 }
09697 }
09698 #endif
09699 #if defined(CONFIG_RSBAC_RES)
09700
09701 for(list_no = 0; list_no < RSBAC_RES_NR_FD_LISTS; list_no++)
09702 {
09703
09704
09705 tmp_count = 0;
09706 desc_count = rsbac_list_get_all_desc(device_p->handles.res[list_no], (void **) &fd_desc_p);
09707 if(desc_count > 0)
09708 {
09709 for(i=0; i<desc_count; i++)
09710 {
09711
09712 if(check_inode && device_p->sb_p)
09713 {
09714 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09715 {
09716 b_count++;
09717 if(correct)
09718 {
09719 rsbac_printk(KERN_INFO
09720 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09721 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09722 rsbac_list_remove(device_p->handles.res[list_no], &fd_desc_p[i]);
09723 continue;
09724 }
09725 else
09726 {
09727 rsbac_printk(KERN_INFO
09728 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09729 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09730 }
09731 }
09732 }
09733 }
09734 tmp_count++;
09735 rsbac_vfree(fd_desc_p);
09736 fd_count += desc_count;
09737 }
09738 }
09739 #endif
09740 #if defined(CONFIG_RSBAC_PAX)
09741
09742 for(list_no = 0; list_no < RSBAC_PAX_NR_FD_LISTS; list_no++)
09743 {
09744
09745
09746 tmp_count = 0;
09747 desc_count = rsbac_list_get_all_desc(device_p->handles.pax[list_no], (void **) &fd_desc_p);
09748 if(desc_count > 0)
09749 {
09750 for(i=0; i<desc_count; i++)
09751 {
09752
09753 if(check_inode && device_p->sb_p)
09754 {
09755 if(rsbac_check_inode(device_p->sb_p, fd_desc_p[i]))
09756 {
09757 b_count++;
09758 if(correct)
09759 {
09760 rsbac_printk(KERN_INFO
09761 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u, removing!\n",
09762 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09763 rsbac_list_remove(device_p->handles.pax[list_no], &fd_desc_p[i]);
09764 continue;
09765 }
09766 else
09767 {
09768 rsbac_printk(KERN_INFO
09769 "rsbac_check(): fd_item for bad inode %u on device %02u:%02u, list %u!\n",
09770 fd_desc_p[i], RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), list_no);
09771 }
09772 }
09773 }
09774 }
09775 tmp_count++;
09776 rsbac_vfree(fd_desc_p);
09777 fd_count += desc_count;
09778 }
09779 }
09780 #endif
09781
09782 switch(correct)
09783 {
09784 case 2:
09785 rsbac_printk(KERN_INFO
09786 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
09787 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
09788 b_count);
09789 break;
09790 case 1:
09791 rsbac_printk(KERN_INFO
09792 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu removed due to bad inodes)\n",
09793 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
09794 b_count);
09795 break;
09796 default:
09797 rsbac_printk(KERN_INFO
09798 "rsbac_check(): Device %02u:%02u has %lu file/dir items (%lu with bad inodes)\n",
09799 RSBAC_MAJOR(device_p->id), RSBAC_MINOR(device_p->id), fd_count,
09800 b_count);
09801 }
09802 fd_sum += fd_count;
09803
09804 device_p = device_p->next;
09805 }
09806 rsbac_printk(KERN_INFO "rsbac_check(): Sum of %u Devices with %lu fd-items\n",
09807 device_list_head.count, fd_sum);
09808
09809 rsbac_read_unlock(&device_list_head.lock, &dflags);
09810 }
09811 rsbac_kfree(tmp);
09812 return(0);
09813 }
09814 #endif
09815
09816
09817
09818
09819
09820
09821 #if defined(CONFIG_RSBAC_AUTO_WRITE)
09822 int rsbac_write(rsbac_boolean_t need_lock)
09823 {
09824 int err=0;
09825 u_int count = 0;
09826 int subcount;
09827
09828 if (!rsbac_initialized)
09829 {
09830 rsbac_printk(KERN_WARNING "rsbac_write(): RSBAC not initialized\n");
09831 return(-RSBAC_ENOTINITIALIZED);
09832 }
09833 if(rsbac_debug_no_write)
09834 return 0;
09835
09836 subcount = rsbac_write_lists(need_lock);
09837 if(subcount > 0)
09838 {
09839 count += subcount;
09840 }
09841 else
09842 if(subcount < 0)
09843 {
09844 err = subcount;
09845 if(err != -RSBAC_ENOTWRITABLE)
09846 {
09847 rsbac_printk(KERN_WARNING
09848 "rsbac_write(): rsbac_write_lists() returned error %i\n",
09849 err);
09850 }
09851 }
09852
09853
09854 #if defined(CONFIG_RSBAC_REG)
09855 subcount = rsbac_write_reg(need_lock);
09856 if(subcount > 0)
09857 {
09858 count += subcount;
09859 }
09860 else
09861 if(subcount < 0)
09862 {
09863 err = subcount;
09864 if(err != -RSBAC_ENOTWRITABLE)
09865 {
09866 rsbac_printk(KERN_WARNING
09867 "rsbac_write(): rsbac_write_reg() returned error %i\n",
09868 err);
09869 }
09870 }
09871 #endif
09872
09873 #ifdef CONFIG_RSBAC_DEBUG
09874 if(rsbac_debug_write && count > 0)
09875 {
09876 rsbac_printk(KERN_DEBUG "rsbac_write(): total of %u lists written\n",
09877 count);
09878 }
09879 #endif
09880 return(count);
09881 }
09882 #endif
09883
09884
09885
09886
09887
09888
09889
09890
09891
09892
09893
09894
09895
09896
09897
09898
09899
09900
09901
09902
09903
09904
09905 #if defined(CONFIG_RSBAC_REG)
09906 EXPORT_SYMBOL(rsbac_get_parent);
09907 #endif
09908 int rsbac_get_parent(enum rsbac_target_t target,
09909 union rsbac_target_id_t tid,
09910 enum rsbac_target_t * parent_target_p,
09911 union rsbac_target_id_t * parent_tid_p)
09912 {
09913 if(!parent_target_p || !parent_tid_p)
09914 return -RSBAC_EINVALIDPOINTER;
09915
09916
09917
09918
09919
09920
09921
09922
09923
09924
09925 switch(target)
09926 {
09927 case T_FILE:
09928 case T_DIR:
09929 case T_FIFO:
09930 case T_SYMLINK:
09931 break;
09932 default:
09933 return -RSBAC_EINVALIDTARGET;
09934 }
09935
09936 if(!tid.file.dentry_p)
09937 return -RSBAC_ENOTFOUND;
09938
09939 *parent_target_p = T_DIR;
09940
09941 if( tid.file.dentry_p->d_sb
09942 && (tid.file.dentry_p->d_sb->s_root == tid.file.dentry_p)
09943 )
09944 {
09945 struct rsbac_device_list_item_t * device_p;
09946 u_long dflags;
09947
09948
09949 rsbac_read_lock(&device_list_head.lock, &dflags);
09950
09951 device_p = lookup_device(tid.file.device);
09952 if( !device_p
09953 || !device_p->d_covers
09954 || !device_p->d_covers->d_parent
09955 || !device_p->d_covers->d_parent->d_inode
09956 )
09957 {
09958
09959 rsbac_read_unlock(&device_list_head.lock, &dflags);
09960 return -RSBAC_ENOTFOUND;
09961 }
09962 parent_tid_p->dir.device = device_p->d_covers->d_parent->d_sb->s_dev;
09963 parent_tid_p->dir.inode = device_p->d_covers->d_parent->d_inode->i_ino;
09964 parent_tid_p->dir.dentry_p = device_p->d_covers->d_parent;
09965
09966 rsbac_read_unlock(&device_list_head.lock, &dflags);
09967 }
09968 else
09969 {
09970 if(!tid.file.dentry_p->d_parent)
09971 {
09972 rsbac_printk(KERN_WARNING
09973 "rsbac_get_parent(): oops - d_parent is NULL!\n");
09974 return -RSBAC_ENOTFOUND;
09975 }
09976 if(tid.file.dentry_p == tid.file.dentry_p->d_parent)
09977 {
09978 rsbac_printk(KERN_WARNING
09979 "rsbac_get_parent(): oops - d_parent == dentry_p!\n");
09980 return -RSBAC_ENOTFOUND;
09981 }
09982 if(!tid.file.dentry_p->d_parent->d_inode)
09983 {
09984 rsbac_printk(KERN_WARNING
09985 "rsbac_get_parent(): oops - d_parent has no d_inode!\n");
09986 return -RSBAC_ENOTFOUND;
09987 }
09988 parent_tid_p->dir.device = tid.file.device;
09989 parent_tid_p->dir.inode = tid.file.dentry_p->d_parent->d_inode->i_ino;
09990 parent_tid_p->dir.dentry_p = tid.file.dentry_p->d_parent;
09991 }
09992 return 0;
09993 }
09994
09995 static int get_attr_fd(
09996 rsbac_list_ta_number_t ta_number,
09997 enum rsbac_switch_target_t module,
09998 enum rsbac_target_t target,
09999 union rsbac_target_id_t * tid_p,
10000 enum rsbac_attribute_t attr,
10001 union rsbac_attribute_value_t * value,
10002 rsbac_boolean_t inherit)
10003 {
10004 int err = 0;
10005 struct rsbac_device_list_item_t * device_p;
10006 u_long dflags;
10007 #if defined(CONFIG_RSBAC_FF)
10008 rsbac_ff_flags_t ff_flags = 0;
10009 rsbac_ff_flags_t ff_tmp_flags;
10010 rsbac_ff_flags_t ff_mask = -1;
10011 #endif
10012
10013 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
10014 if( !RSBAC_MAJOR(tid_p->file.device)
10015 && !RSBAC_MINOR(tid_p->file.device)
10016 )
10017 return -RSBAC_EINVALIDDEV;
10018 #endif
10019
10020 for(;;)
10021 {
10022
10023
10024
10025
10026
10027
10028
10029
10030 rsbac_read_lock(&device_list_head.lock, &dflags);
10031
10032
10033
10034
10035
10036
10037
10038
10039
10040
10041 device_p = lookup_device(tid_p->file.device);
10042 if (!device_p)
10043 {
10044 struct super_block * sb_p;
10045
10046 rsbac_read_unlock(&device_list_head.lock, &dflags);
10047 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
10048 sb_p = user_get_super(tid_p->file.device);
10049 #else
10050 sb_p = get_super(tid_p->file.device);
10051 #endif
10052 if(sb_p)
10053 {
10054 rsbac_printk(KERN_INFO
10055 "rsbac_get_attr(): auto-mounting device %02u:%02u\n",
10056 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
10057 rsbac_mount(sb_p, NULL);
10058
10059 drop_super(sb_p);
10060 rsbac_read_lock(&device_list_head.lock, &dflags);
10061 device_p = lookup_device(tid_p->file.device);
10062 if (!device_p)
10063 {
10064 rsbac_printk(KERN_WARNING
10065 "rsbac_get_attr(): unknown device %02u:%02u\n",
10066 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
10067 rsbac_read_unlock(&device_list_head.lock, &dflags);
10068 return -RSBAC_EINVALIDDEV;
10069 }
10070 }
10071 else
10072 return -RSBAC_EINVALIDDEV;
10073 }
10074 switch(module)
10075 {
10076 case GEN:
10077 {
10078 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
10079
10080 if(attr == A_internal)
10081 {
10082 if(!device_p->rsbac_dir_inode || !tid_p->file.inode)
10083 value->internal = FALSE;
10084 else
10085 if(device_p->rsbac_dir_inode == tid_p->file.inode)
10086 value->internal = TRUE;
10087 else
10088 if(inherit)
10089 {
10090 enum rsbac_target_t parent_target;
10091 union rsbac_target_id_t parent_tid;
10092
10093
10094 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10095 {
10096 if(device_p->rsbac_dir_inode == parent_tid.file.inode)
10097 value->internal = TRUE;
10098 else
10099 value->internal = FALSE;
10100 }
10101 else
10102 {
10103 value->internal = FALSE;
10104 }
10105 }
10106 else
10107 {
10108 value->internal = FALSE;
10109 }
10110
10111
10112 rsbac_read_unlock(&device_list_head.lock, &dflags);
10113 return 0;
10114 }
10115 rsbac_ta_list_get_data_ttl(ta_number,
10116 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
10117 NULL,
10118 &tid_p->file.inode,
10119 &aci);
10120 switch (attr)
10121 {
10122 case A_log_array_low:
10123 value->log_array_low = aci.log_array_low;
10124 break;
10125 case A_log_array_high:
10126 value->log_array_high = aci.log_array_high;
10127 break;
10128 case A_log_program_based:
10129 value->log_program_based = aci.log_program_based;
10130 break;
10131 case A_symlink_add_remote_ip:
10132 value->symlink_add_remote_ip = aci.symlink_add_remote_ip;
10133 break;
10134 case A_symlink_add_uid:
10135 value->symlink_add_uid = aci.symlink_add_uid;
10136 break;
10137 case A_symlink_add_mac_level:
10138 value->symlink_add_mac_level = aci.symlink_add_mac_level;
10139 break;
10140 case A_symlink_add_rc_role:
10141 value->symlink_add_rc_role = aci.symlink_add_rc_role;
10142 break;
10143 case A_linux_dac_disable:
10144 value->linux_dac_disable = aci.linux_dac_disable;
10145 if((value->linux_dac_disable == LDD_inherit) && inherit)
10146 {
10147 enum rsbac_target_t parent_target;
10148 union rsbac_target_id_t parent_tid;
10149
10150
10151 rsbac_read_unlock(&device_list_head.lock, &dflags);
10152
10153
10154 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10155 {
10156 target = parent_target;
10157 *tid_p = parent_tid;
10158 continue;
10159 }
10160 else
10161 {
10162 value->linux_dac_disable
10163 = def_gen_root_dir_aci.linux_dac_disable;
10164 return 0;
10165 }
10166 }
10167 break;
10168 case A_fake_root_uid:
10169 value->fake_root_uid = aci.fake_root_uid;
10170 break;
10171 case A_auid_exempt:
10172 value->auid_exempt = aci.auid_exempt;
10173 break;
10174 default:
10175 err = -RSBAC_EINVALIDATTR;
10176 }
10177 }
10178 break;
10179
10180 #if defined(CONFIG_RSBAC_MAC)
10181 case MAC:
10182 {
10183 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
10184
10185 rsbac_ta_list_get_data_ttl(ta_number,
10186 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
10187 NULL,
10188 &tid_p->file.inode,
10189 &aci);
10190 switch (attr)
10191 {
10192 case A_security_level:
10193 value->security_level = aci.sec_level;
10194 if((value->security_level == SL_inherit) && inherit)
10195 {
10196 enum rsbac_target_t parent_target;
10197 union rsbac_target_id_t parent_tid;
10198
10199
10200 rsbac_read_unlock(&device_list_head.lock, &dflags);
10201
10202
10203 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10204 {
10205 target = parent_target;
10206 *tid_p = parent_tid;
10207 continue;
10208 }
10209 else
10210 {
10211 value->security_level
10212 = def_mac_root_dir_aci.sec_level;
10213 return 0;
10214 }
10215 }
10216 break;
10217 case A_mac_categories:
10218 value->mac_categories = aci.mac_categories;
10219 if( (value->mac_categories == RSBAC_MAC_INHERIT_CAT_VECTOR)
10220 && inherit
10221 )
10222 {
10223 enum rsbac_target_t parent_target;
10224 union rsbac_target_id_t parent_tid;
10225
10226
10227 rsbac_read_unlock(&device_list_head.lock, &dflags);
10228
10229
10230 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10231 {
10232 target = parent_target;
10233 *tid_p = parent_tid;
10234 continue;
10235 }
10236 else
10237 {
10238 value->mac_categories
10239 = def_mac_root_dir_aci.mac_categories;
10240 return 0;
10241 }
10242 }
10243 break;
10244 case A_mac_auto:
10245 value->mac_auto = aci.mac_auto;
10246 if( (value->mac_auto == MA_inherit)
10247 && inherit
10248 )
10249 {
10250 enum rsbac_target_t parent_target;
10251 union rsbac_target_id_t parent_tid;
10252
10253
10254 rsbac_read_unlock(&device_list_head.lock, &dflags);
10255
10256
10257 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10258 {
10259 target = parent_target;
10260 *tid_p = parent_tid;
10261 continue;
10262 }
10263 else
10264 {
10265 value->mac_auto
10266 = def_mac_root_dir_aci.mac_auto;
10267 return 0;
10268 }
10269 }
10270 break;
10271 case A_mac_prop_trusted:
10272 value->mac_prop_trusted = aci.mac_prop_trusted;
10273 break;
10274 case A_mac_file_flags:
10275 value->mac_file_flags = aci.mac_file_flags;
10276 break;
10277
10278 default:
10279 err = -RSBAC_EINVALIDATTR;
10280 }
10281 }
10282 break;
10283 #endif
10284
10285 #if defined(CONFIG_RSBAC_PM)
10286 case PM:
10287 {
10288 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
10289
10290 rsbac_ta_list_get_data_ttl(ta_number,
10291 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
10292 NULL,
10293 &tid_p->file.inode,
10294 &aci);
10295 switch (attr)
10296 {
10297 case A_pm_object_class:
10298 value->pm_object_class = aci.pm_object_class;
10299 break;
10300 case A_pm_tp:
10301 value->pm_tp = aci.pm_tp;
10302 break;
10303 case A_pm_object_type:
10304 value->pm_object_type = aci.pm_object_type;
10305 break;
10306 default:
10307 err = -RSBAC_EINVALIDATTR;
10308 }
10309 }
10310 break;
10311 #endif
10312
10313 #if defined(CONFIG_RSBAC_DAZ)
10314 case DAZ:
10315 {
10316 #if defined(CONFIG_RSBAC_DAZ_CACHE)
10317 if(attr == A_daz_scanned)
10318 {
10319 err = rsbac_ta_list_get_data_ttl(ta_number,
10320 device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
10321 NULL,
10322 &tid_p->file.inode,
10323 &value->daz_scanned);
10324 }
10325 else
10326 #endif
10327 {
10328 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
10329
10330 rsbac_ta_list_get_data_ttl(ta_number,
10331 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
10332 NULL,
10333 &tid_p->file.inode,
10334 &aci);
10335 switch (attr)
10336 {
10337 case A_daz_scanner:
10338 value->daz_scanner = aci.daz_scanner;
10339 break;
10340 default:
10341 err = -RSBAC_EINVALIDATTR;
10342 }
10343 }
10344 }
10345 break;
10346 #endif
10347
10348 #if defined(CONFIG_RSBAC_FF)
10349 case FF:
10350 {
10351 switch (attr)
10352 {
10353 case A_ff_flags:
10354 ff_tmp_flags = RSBAC_FF_DEF;
10355 rsbac_ta_list_get_data_ttl(ta_number,
10356 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
10357 NULL,
10358 &tid_p->file.inode,
10359 &ff_tmp_flags);
10360 ff_flags |= ff_tmp_flags & ff_mask;
10361 value->ff_flags = ff_flags;
10362 if((ff_tmp_flags & FF_add_inherited) && inherit)
10363 {
10364
10365 if(!rsbac_get_parent(target, *tid_p, &target, tid_p))
10366 {
10367
10368 rsbac_read_unlock(&device_list_head.lock, &dflags);
10369
10370 ff_mask &= ~(FF_no_delete_or_rename | FF_add_inherited);
10371 ff_flags &= ~(FF_add_inherited);
10372 continue;
10373 }
10374 else
10375 value->ff_flags &= ~(FF_add_inherited);
10376 }
10377 break;
10378
10379 default:
10380 err = -RSBAC_EINVALIDATTR;
10381 }
10382 }
10383 break;
10384 #endif
10385
10386 #if defined(CONFIG_RSBAC_RC)
10387 case RC:
10388 {
10389 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
10390
10391 rsbac_ta_list_get_data_ttl(ta_number,
10392 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
10393 NULL,
10394 &tid_p->file.inode,
10395 &aci);
10396 switch (attr)
10397 {
10398 case A_rc_type_fd:
10399 value->rc_type_fd = aci.rc_type_fd;
10400 if(value->rc_type_fd == RC_type_inherit_parent && inherit)
10401 {
10402 enum rsbac_target_t parent_target;
10403 union rsbac_target_id_t parent_tid;
10404
10405
10406 rsbac_read_unlock(&device_list_head.lock, &dflags);
10407
10408
10409 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10410 {
10411 target = parent_target;
10412 *tid_p = parent_tid;
10413 continue;
10414 }
10415 else
10416 {
10417 value->rc_type_fd
10418 = def_rc_root_dir_aci.rc_type_fd;
10419 return 0;
10420 }
10421 }
10422 break;
10423 case A_rc_force_role:
10424 value->rc_force_role = aci.rc_force_role;
10425 if(value->rc_force_role == RC_role_inherit_parent && inherit)
10426 {
10427 enum rsbac_target_t parent_target;
10428 union rsbac_target_id_t parent_tid;
10429
10430
10431 rsbac_read_unlock(&device_list_head.lock, &dflags);
10432
10433
10434 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10435 {
10436 target = parent_target;
10437 *tid_p = parent_tid;
10438 continue;
10439 }
10440 else
10441 {
10442 value->rc_force_role
10443 = def_rc_root_dir_aci.rc_force_role;
10444 return 0;
10445 }
10446 }
10447 break;
10448 case A_rc_initial_role:
10449 value->rc_initial_role = aci.rc_initial_role;
10450 if(value->rc_initial_role == RC_role_inherit_parent && inherit)
10451 {
10452 enum rsbac_target_t parent_target;
10453 union rsbac_target_id_t parent_tid;
10454
10455
10456 rsbac_read_unlock(&device_list_head.lock, &dflags);
10457
10458
10459 if(!rsbac_get_parent(target, *tid_p, &parent_target, &parent_tid))
10460 {
10461 target = parent_target;
10462 *tid_p = parent_tid;
10463 continue;
10464 }
10465 else
10466 {
10467 value->rc_initial_role
10468 = def_rc_root_dir_aci.rc_initial_role;
10469 return 0;
10470 }
10471 }
10472 break;
10473
10474 default:
10475 err = -RSBAC_EINVALIDATTR;
10476 }
10477 }
10478 break;
10479 #endif
10480
10481 #if defined(CONFIG_RSBAC_AUTH)
10482 case AUTH:
10483 {
10484 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
10485
10486 rsbac_ta_list_get_data_ttl(ta_number,
10487 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
10488 NULL,
10489 &tid_p->file.inode,
10490 &aci);
10491 switch (attr)
10492 {
10493 case A_auth_may_setuid:
10494 value->auth_may_setuid = aci.auth_may_setuid;
10495 break;
10496 case A_auth_may_set_cap:
10497 value->auth_may_set_cap = aci.auth_may_set_cap;
10498 break;
10499 case A_auth_learn:
10500 value->auth_learn = aci.auth_learn;
10501 break;
10502 default:
10503 err = -RSBAC_EINVALIDATTR;
10504 }
10505 }
10506 break;
10507 #endif
10508
10509 #if defined(CONFIG_RSBAC_CAP)
10510 case CAP:
10511 {
10512 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
10513
10514 rsbac_ta_list_get_data_ttl(ta_number,
10515 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
10516 NULL,
10517 &tid_p->file.inode,
10518 &aci);
10519 switch (attr)
10520 {
10521 case A_min_caps:
10522 value->min_caps = aci.min_caps;
10523 break;
10524 case A_max_caps:
10525 value->max_caps = aci.max_caps;
10526 break;
10527 default:
10528 err = -RSBAC_EINVALIDATTR;
10529 }
10530 }
10531 break;
10532 #endif
10533
10534 #if defined(CONFIG_RSBAC_RES)
10535 case RES:
10536 {
10537 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
10538
10539 rsbac_ta_list_get_data_ttl(ta_number,
10540 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
10541 NULL,
10542 &tid_p->file.inode,
10543 &aci);
10544 switch (attr)
10545 {
10546 case A_res_min:
10547 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
10548 break;
10549 case A_res_max:
10550 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
10551 break;
10552 default:
10553 err = -RSBAC_EINVALIDATTR;
10554 }
10555 }
10556 break;
10557 #endif
10558
10559 #if defined(CONFIG_RSBAC_PAX)
10560 case PAX:
10561 {
10562 switch (attr)
10563 {
10564 case A_pax_flags:
10565 value->pax_flags = RSBAC_PAX_DEF_FLAGS;
10566 rsbac_ta_list_get_data_ttl(ta_number,
10567 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
10568 NULL,
10569 &tid_p->file.inode,
10570 &value->pax_flags);
10571 break;
10572
10573 default:
10574 err = -RSBAC_EINVALIDATTR;
10575 }
10576 }
10577 break;
10578 #endif
10579
10580 default:
10581 err = -RSBAC_EINVALIDMODULE;
10582 }
10583
10584 rsbac_read_unlock(&device_list_head.lock, &dflags);
10585
10586 return err;
10587 }
10588 }
10589
10590 static int get_attr_dev(
10591 rsbac_list_ta_number_t ta_number,
10592 enum rsbac_switch_target_t module,
10593 enum rsbac_target_t target,
10594 struct rsbac_dev_desc_t dev,
10595 enum rsbac_attribute_t attr,
10596 union rsbac_attribute_value_t * value,
10597 rsbac_boolean_t inherit)
10598 {
10599 int err = 0;
10600
10601
10602
10603
10604
10605
10606
10607 switch(module)
10608 {
10609 case GEN:
10610 {
10611 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
10612
10613 rsbac_ta_list_get_data_ttl(ta_number,
10614 dev_handles.gen,
10615 NULL,
10616 &dev,
10617 &aci);
10618 switch (attr)
10619 {
10620 case A_log_array_low:
10621 value->log_array_low = aci.log_array_low;
10622 break;
10623 case A_log_array_high:
10624 value->log_array_high = aci.log_array_high;
10625 break;
10626 default:
10627 err = -RSBAC_EINVALIDATTR;
10628 }
10629 }
10630 break;
10631
10632 #if defined(CONFIG_RSBAC_MAC)
10633 case MAC:
10634 {
10635 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
10636
10637 rsbac_ta_list_get_data_ttl(ta_number,
10638 dev_handles.mac,
10639 NULL,
10640 &dev,
10641 &aci);
10642 switch (attr)
10643 {
10644 case A_security_level:
10645 value->security_level = aci.sec_level;
10646 break;
10647 case A_mac_categories:
10648 value->mac_categories = aci.mac_categories;
10649 break;
10650 case A_mac_check:
10651 value->mac_check = aci.mac_check;
10652 break;
10653
10654 default:
10655 err = -RSBAC_EINVALIDATTR;
10656 }
10657 }
10658 break;
10659 #endif
10660
10661 #if defined(CONFIG_RSBAC_PM)
10662 case PM:
10663 {
10664 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
10665
10666 rsbac_ta_list_get_data_ttl(ta_number,
10667 dev_handles.pm,
10668 NULL,
10669 &dev,
10670 &aci);
10671 switch (attr)
10672 {
10673 case A_pm_object_class:
10674 value->pm_object_class = aci.pm_object_class;
10675 break;
10676 case A_pm_object_type:
10677 value->pm_object_type = aci.pm_object_type;
10678 break;
10679 default:
10680 err = -RSBAC_EINVALIDATTR;
10681 }
10682 }
10683 break;
10684 #endif
10685
10686 #if defined(CONFIG_RSBAC_RC)
10687 case RC:
10688 {
10689 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10690
10691 switch(dev.type)
10692 {
10693 case D_char:
10694 case D_block:
10695 if(rsbac_ta_list_get_data_ttl(ta_number,
10696 dev_handles.rc,
10697 NULL,
10698 &dev,
10699 &type)
10700 || ( (type == RC_type_inherit_parent)
10701 && inherit
10702 )
10703 )
10704 rsbac_ta_list_get_data_ttl(ta_number,
10705 dev_major_handles.rc,
10706 NULL,
10707 &dev,
10708 &type);
10709 break;
10710 case D_char_major:
10711 case D_block_major:
10712 dev.type -= (D_block_major - D_block);
10713 rsbac_ta_list_get_data_ttl(ta_number,
10714 dev_major_handles.rc,
10715 NULL,
10716 &dev,
10717 &type);
10718 break;
10719 default:
10720 return -RSBAC_EINVALIDTARGET;
10721 }
10722 switch (attr)
10723 {
10724 case A_rc_type:
10725 value->rc_type = type;
10726 break;
10727
10728 default:
10729 err = -RSBAC_EINVALIDATTR;
10730 }
10731 }
10732 break;
10733 #endif
10734
10735 default:
10736 err = -RSBAC_EINVALIDMODULE;
10737 }
10738
10739 return err;
10740 }
10741
10742 static int get_attr_ipc(
10743 rsbac_list_ta_number_t ta_number,
10744 enum rsbac_switch_target_t module,
10745 enum rsbac_target_t target,
10746 union rsbac_target_id_t * tid_p,
10747 enum rsbac_attribute_t attr,
10748 union rsbac_attribute_value_t * value,
10749 rsbac_boolean_t inherit)
10750 {
10751 int err = 0;
10752
10753
10754
10755
10756
10757
10758
10759
10760 switch(module)
10761 {
10762 #if defined(CONFIG_RSBAC_MAC)
10763 case MAC:
10764 {
10765 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
10766
10767 rsbac_ta_list_get_data_ttl(ta_number,
10768 ipc_handles.mac,
10769 NULL,
10770 &tid_p->ipc,
10771 &aci);
10772 switch (attr)
10773 {
10774 case A_security_level:
10775 value->security_level = aci.sec_level;
10776 break;
10777 case A_mac_categories:
10778 value->mac_categories = aci.mac_categories;
10779 break;
10780
10781 default:
10782 err = -RSBAC_EINVALIDATTR;
10783 }
10784 }
10785 break;
10786 #endif
10787
10788 #if defined(CONFIG_RSBAC_PM)
10789 case PM:
10790 {
10791 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
10792
10793 rsbac_ta_list_get_data_ttl(ta_number,
10794 ipc_handles.pm,
10795 NULL,
10796 &tid_p->ipc,
10797 &aci);
10798 switch (attr)
10799 {
10800 case A_pm_object_class:
10801 value->pm_object_class = aci.pm_object_class;
10802 break;
10803 case A_pm_ipc_purpose:
10804 value->pm_ipc_purpose = aci.pm_ipc_purpose;
10805 break;
10806 case A_pm_object_type:
10807 value->pm_object_type = aci.pm_object_type;
10808 break;
10809 default:
10810 err = -RSBAC_EINVALIDATTR;
10811 }
10812 }
10813 break;
10814 #endif
10815
10816 #if defined(CONFIG_RSBAC_RC)
10817 case RC:
10818 {
10819 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
10820
10821 rsbac_ta_list_get_data_ttl(ta_number,
10822 ipc_handles.rc,
10823 NULL,
10824 &tid_p->ipc,
10825 &type);
10826 switch (attr)
10827 {
10828 case A_rc_type:
10829 value->rc_type = type;
10830 break;
10831
10832 default:
10833 err = -RSBAC_EINVALIDATTR;
10834 }
10835 }
10836 break;
10837 #endif
10838
10839 #if defined(CONFIG_RSBAC_JAIL)
10840 case JAIL:
10841 {
10842 rsbac_jail_id_t id = RSBAC_JAIL_DEF_ID;
10843
10844 rsbac_ta_list_get_data_ttl(ta_number,
10845 ipc_handles.jail,
10846 NULL,
10847 &tid_p->ipc,
10848 &id);
10849 switch (attr)
10850 {
10851 case A_jail_id:
10852 value->jail_id = id;
10853 break;
10854
10855 default:
10856 err = -RSBAC_EINVALIDATTR;
10857 }
10858 }
10859 break;
10860 #endif
10861
10862 default:
10863 err = -RSBAC_EINVALIDMODULE;
10864 }
10865
10866 return err;
10867 }
10868
10869 static int get_attr_user(
10870 rsbac_list_ta_number_t ta_number,
10871 enum rsbac_switch_target_t module,
10872 enum rsbac_target_t target,
10873 union rsbac_target_id_t * tid_p,
10874 enum rsbac_attribute_t attr,
10875 union rsbac_attribute_value_t * value,
10876 rsbac_boolean_t inherit)
10877 {
10878 int err = 0;
10879
10880
10881
10882
10883
10884
10885
10886 switch(module)
10887 {
10888 case GEN:
10889 {
10890 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
10891
10892 rsbac_ta_list_get_data_ttl(ta_number,
10893 user_handles.gen,
10894 NULL,
10895 &tid_p->user,
10896 &aci);
10897 switch (attr)
10898 {
10899 case A_pseudo:
10900 value->pseudo = aci.pseudo;
10901 break;
10902 case A_log_user_based:
10903 value->log_user_based = aci.log_user_based;
10904 break;
10905 default:
10906 err = -RSBAC_EINVALIDATTR;
10907 }
10908 }
10909 break;
10910
10911 #if defined(CONFIG_RSBAC_MAC)
10912 case MAC:
10913 {
10914 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
10915
10916 rsbac_ta_list_get_data_ttl(ta_number,
10917 user_handles.mac,
10918 NULL,
10919 &tid_p->user,
10920 &aci);
10921 switch (attr)
10922 {
10923 case A_security_level:
10924 value->security_level = aci.security_level;
10925 break;
10926 case A_initial_security_level:
10927 value->security_level = aci.initial_security_level;
10928 break;
10929 case A_min_security_level:
10930 value->security_level = aci.min_security_level;
10931 break;
10932 case A_mac_categories:
10933 value->mac_categories = aci.mac_categories;
10934 break;
10935 case A_mac_initial_categories:
10936 value->mac_categories = aci.mac_initial_categories;
10937 break;
10938 case A_mac_min_categories:
10939 value->mac_categories = aci.mac_min_categories;
10940 break;
10941 case A_system_role:
10942 case A_mac_role:
10943 value->system_role = aci.system_role;
10944 break;
10945 case A_mac_user_flags:
10946 value->mac_user_flags = aci.mac_user_flags;
10947 break;
10948
10949 default:
10950 err = -RSBAC_EINVALIDATTR;
10951 }
10952 }
10953 break;
10954 #endif
10955
10956 #if defined(CONFIG_RSBAC_PM)
10957 case PM:
10958 {
10959 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
10960
10961 rsbac_ta_list_get_data_ttl(ta_number,
10962 user_handles.pm,
10963 NULL,
10964 &tid_p->user,
10965 &aci);
10966 switch (attr)
10967 {
10968 case A_pm_task_set:
10969 value->pm_task_set = aci.pm_task_set;
10970 break;
10971 case A_pm_role:
10972 value->pm_role = aci.pm_role;
10973 break;
10974 default:
10975 err = -RSBAC_EINVALIDATTR;
10976 }
10977 }
10978 break;
10979 #endif
10980
10981 #if defined(CONFIG_RSBAC_DAZ)
10982 case DAZ:
10983 {
10984 rsbac_system_role_int_t role = SR_user;
10985
10986 rsbac_ta_list_get_data_ttl(ta_number,
10987 user_handles.daz,
10988 NULL,
10989 &tid_p->user,
10990 &role);
10991 switch (attr)
10992 {
10993 case A_system_role:
10994 case A_daz_role:
10995 value->system_role = role;
10996 break;
10997
10998 default:
10999 err = -RSBAC_EINVALIDATTR;
11000 }
11001 }
11002 break;
11003 #endif
11004
11005 #if defined(CONFIG_RSBAC_FF)
11006 case FF:
11007 {
11008 rsbac_system_role_int_t role = SR_user;
11009
11010 rsbac_ta_list_get_data_ttl(ta_number,
11011 user_handles.ff,
11012 NULL,
11013 &tid_p->user,
11014 &role);
11015 switch (attr)
11016 {
11017 case A_system_role:
11018 case A_ff_role:
11019 value->system_role = role;
11020 break;
11021
11022 default:
11023 err = -RSBAC_EINVALIDATTR;
11024 }
11025 }
11026 break;
11027 #endif
11028
11029 #if defined(CONFIG_RSBAC_RC)
11030 case RC:
11031 {
11032 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
11033
11034 rsbac_ta_list_get_data_ttl(ta_number,
11035 user_handles.rc,
11036 NULL,
11037 &tid_p->user,
11038 &aci);
11039 switch (attr)
11040 {
11041 case A_rc_def_role:
11042 value->rc_def_role = aci.rc_role;
11043 break;
11044 case A_rc_type:
11045 value->rc_type = aci.rc_type;
11046 break;
11047 default:
11048 err = -RSBAC_EINVALIDATTR;
11049 }
11050 }
11051 break;
11052 #endif
11053
11054 #if defined(CONFIG_RSBAC_AUTH)
11055 case AUTH:
11056 {
11057 rsbac_system_role_int_t role = SR_user;
11058
11059 rsbac_ta_list_get_data_ttl(ta_number,
11060 user_handles.auth,
11061 NULL,
11062 &tid_p->user,
11063 &role);
11064 switch (attr)
11065 {
11066 case A_system_role:
11067 case A_auth_role:
11068 value->system_role = role;
11069 break;
11070
11071 default:
11072 err = -RSBAC_EINVALIDATTR;
11073 }
11074 }
11075 break;
11076 #endif
11077
11078 #if defined(CONFIG_RSBAC_CAP)
11079 case CAP:
11080 {
11081 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
11082
11083 rsbac_ta_list_get_data_ttl(ta_number,
11084 user_handles.cap,
11085 NULL,
11086 &tid_p->user,
11087 &aci);
11088 switch (attr)
11089 {
11090 case A_system_role:
11091 case A_cap_role:
11092 value->system_role = aci.cap_role;
11093 break;
11094 case A_min_caps:
11095 value->min_caps = aci.min_caps;
11096 break;
11097 case A_max_caps:
11098 value->max_caps = aci.max_caps;
11099 break;
11100 default:
11101 err = -RSBAC_EINVALIDATTR;
11102 }
11103 }
11104 break;
11105 #endif
11106
11107 #if defined(CONFIG_RSBAC_JAIL)
11108 case JAIL:
11109 {
11110 rsbac_system_role_int_t role = SR_user;
11111
11112 rsbac_ta_list_get_data_ttl(ta_number,
11113 user_handles.jail,
11114 NULL,
11115 &tid_p->user,
11116 &role);
11117 switch (attr)
11118 {
11119 case A_system_role:
11120 case A_jail_role:
11121 value->system_role = role;
11122 break;
11123
11124 default:
11125 err = -RSBAC_EINVALIDATTR;
11126 }
11127 }
11128 break;
11129 #endif
11130
11131 #if defined(CONFIG_RSBAC_RES)
11132 case RES:
11133 {
11134 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
11135
11136 if( rsbac_ta_list_get_data_ttl(ta_number,
11137 user_handles.res,
11138 NULL,
11139 &tid_p->user,
11140 &aci)
11141 && (tid_p->user != RSBAC_ALL_USERS)
11142 )
11143 {
11144 tid_p->user = RSBAC_ALL_USERS;
11145 rsbac_ta_list_get_data_ttl(ta_number,
11146 user_handles.res,
11147 NULL,
11148 &tid_p->user,
11149 &aci);
11150 }
11151 switch (attr)
11152 {
11153 case A_system_role:
11154 case A_res_role:
11155 value->system_role = aci.res_role;
11156 break;
11157 case A_res_min:
11158 memcpy(&value->res_array, &aci.res_min, sizeof(aci.res_min));
11159 break;
11160 case A_res_max:
11161 memcpy(&value->res_array, &aci.res_max, sizeof(aci.res_max));
11162 break;
11163 default:
11164 err = -RSBAC_EINVALIDATTR;
11165 }
11166 }
11167 break;
11168 #endif
11169
11170 #if defined(CONFIG_RSBAC_PAX)
11171 case PAX:
11172 {
11173 rsbac_system_role_int_t role = SR_user;
11174
11175 rsbac_ta_list_get_data_ttl(ta_number,
11176 user_handles.pax,
11177 NULL,
11178 &tid_p->user,
11179 &role);
11180 switch (attr)
11181 {
11182 case A_system_role:
11183 case A_pax_role:
11184 value->system_role = role;
11185 break;
11186
11187 default:
11188 err = -RSBAC_EINVALIDATTR;
11189 }
11190 }
11191 break;
11192 #endif
11193
11194 default:
11195 err = -RSBAC_EINVALIDMODULE;
11196 }
11197
11198 return err;
11199 }
11200
11201 static int get_attr_process(
11202 rsbac_list_ta_number_t ta_number,
11203 enum rsbac_switch_target_t module,
11204 enum rsbac_target_t target,
11205 union rsbac_target_id_t * tid_p,
11206 enum rsbac_attribute_t attr,
11207 union rsbac_attribute_value_t * value,
11208 rsbac_boolean_t inherit)
11209 {
11210 int err = 0;
11211
11212
11213
11214
11215
11216
11217
11218 switch(module)
11219 {
11220 case GEN:
11221 {
11222 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
11223
11224 rsbac_ta_list_get_data_ttl(ta_number,
11225 process_handles.gen[gen_p_hash(tid_p->process)],
11226 NULL,
11227 &tid_p->process,
11228 &aci);
11229 switch (attr)
11230 {
11231 case A_log_program_based:
11232 value->log_program_based = aci.log_program_based;
11233 break;
11234 case A_fake_root_uid:
11235 value->fake_root_uid = aci.fake_root_uid;
11236 break;
11237 case A_audit_uid:
11238 value->audit_uid = aci.audit_uid;
11239 break;
11240 case A_auid_exempt:
11241 value->auid_exempt = aci.auid_exempt;
11242 break;
11243 case A_remote_ip:
11244 value->remote_ip = aci.remote_ip;
11245 break;
11246 case A_kernel_thread:
11247 value->kernel_thread = aci.kernel_thread;
11248 break;
11249 default:
11250 err = -RSBAC_EINVALIDATTR;
11251 }
11252 }
11253 break;
11254
11255 #if defined(CONFIG_RSBAC_MAC)
11256 case MAC:
11257 {
11258 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
11259
11260 rsbac_ta_list_get_data_ttl(ta_number,
11261 process_handles.mac[mac_p_hash(tid_p->process)],
11262 NULL,
11263 &tid_p->process,
11264 &aci);
11265 switch (attr)
11266 {
11267 case A_security_level:
11268 value->security_level = aci.owner_sec_level;
11269 break;
11270 case A_initial_security_level:
11271 value->security_level = aci.owner_initial_sec_level;
11272 break;
11273 case A_min_security_level:
11274 value->security_level = aci.owner_min_sec_level;
11275 break;
11276 case A_mac_categories:
11277 value->mac_categories = aci.mac_owner_categories;
11278 break;
11279 case A_mac_initial_categories:
11280 value->mac_categories = aci.mac_owner_initial_categories;
11281 break;
11282 case A_mac_min_categories:
11283 value->mac_categories = aci.mac_owner_min_categories;
11284 break;
11285 case A_current_sec_level:
11286 value->current_sec_level = aci.current_sec_level;
11287 break;
11288 case A_mac_curr_categories:
11289 value->mac_categories = aci.mac_curr_categories;
11290 break;
11291 case A_min_write_open:
11292 value->min_write_open = aci.min_write_open;
11293 break;
11294 case A_min_write_categories:
11295 value->mac_categories = aci.min_write_categories;
11296 break;
11297 case A_max_read_open:
11298 value->max_read_open = aci.max_read_open;
11299 break;
11300 case A_max_read_categories:
11301 value->mac_categories = aci.max_read_categories;
11302 break;
11303 case A_mac_process_flags:
11304 value->mac_process_flags = aci.mac_process_flags;
11305 break;
11306 case A_mac_auto:
11307 if(aci.mac_process_flags & MAC_auto)
11308 value->mac_auto = TRUE;
11309 else
11310 value->mac_auto = FALSE;
11311 break;
11312
11313 default:
11314 err = -RSBAC_EINVALIDATTR;
11315 }
11316 }
11317 break;
11318 #endif
11319
11320 #if defined(CONFIG_RSBAC_PM)
11321 case PM:
11322 {
11323 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
11324
11325 rsbac_ta_list_get_data_ttl(ta_number,
11326 process_handles.pm,
11327 NULL,
11328 &tid_p->process,
11329 &aci);
11330 switch (attr)
11331 {
11332 case A_pm_tp:
11333 value->pm_tp = aci.pm_tp;
11334 break;
11335 case A_pm_current_task:
11336 value->pm_current_task = aci.pm_current_task;
11337 break;
11338 case A_pm_process_type:
11339 value->pm_process_type = aci.pm_process_type;
11340 break;
11341 default:
11342 err = -RSBAC_EINVALIDATTR;
11343 }
11344 }
11345 break;
11346 #endif
11347
11348 #if defined(CONFIG_RSBAC_DAZ)
11349 case DAZ:
11350 {
11351 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
11352
11353 rsbac_ta_list_get_data_ttl(ta_number,
11354 process_handles.daz,
11355 NULL,
11356 &tid_p->process,
11357 &aci);
11358 switch (attr)
11359 {
11360 case A_daz_scanner:
11361 value->daz_scanner = aci.daz_scanner;
11362 break;
11363 default:
11364 err = -RSBAC_EINVALIDATTR;
11365 }
11366 }
11367 break;
11368 #endif
11369
11370 #if defined(CONFIG_RSBAC_RC)
11371 case RC:
11372 {
11373 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
11374
11375 rsbac_ta_list_get_data_ttl(ta_number,
11376 process_handles.rc[rc_p_hash(tid_p->process)],
11377 NULL,
11378 &tid_p->process,
11379 &aci);
11380 switch (attr)
11381 {
11382 case A_rc_role:
11383 value->rc_role = aci.rc_role;
11384 break;
11385 case A_rc_type:
11386 value->rc_type = aci.rc_type;
11387 break;
11388 case A_rc_force_role:
11389 value->rc_force_role = aci.rc_force_role;
11390 break;
11391 default:
11392 err = -RSBAC_EINVALIDATTR;
11393 }
11394 }
11395 break;
11396 #endif
11397
11398 #if defined(CONFIG_RSBAC_AUTH)
11399 case AUTH:
11400 {
11401 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
11402
11403 rsbac_ta_list_get_data_ttl(ta_number,
11404 process_handles.auth,
11405 NULL,
11406 &tid_p->process,
11407 &aci);
11408 switch (attr)
11409 {
11410 case A_auth_may_setuid:
11411 value->auth_may_setuid = aci.auth_may_setuid;
11412 break;
11413 case A_auth_may_set_cap:
11414 value->auth_may_set_cap = aci.auth_may_set_cap;
11415 break;
11416 #if defined(CONFIG_RSBAC_AUTH_LEARN)
11417 case A_auth_program_file:
11418 value->auth_program_file = aci.auth_program_file;
11419 break;
11420 case A_auth_start_uid:
11421 value->auth_start_uid = aci.auth_start_uid;
11422 break;
11423 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
11424 case A_auth_start_euid:
11425 value->auth_start_euid = aci.auth_start_euid;
11426 break;
11427 #endif
11428 #ifdef CONFIG_RSBAC_AUTH_GROUP
11429 case A_auth_start_gid:
11430 value->auth_start_gid = aci.auth_start_gid;
11431 break;
11432 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
11433 case A_auth_start_egid:
11434 value->auth_start_egid = aci.auth_start_egid;
11435 break;
11436 #endif
11437 #endif
11438 case A_auth_learn:
11439 value->auth_learn = aci.auth_learn;
11440 break;
11441 #else
11442 case A_auth_learn:
11443 value->auth_learn = FALSE;
11444 break;
11445 #endif
11446 case A_auth_last_auth:
11447 value->auth_last_auth = aci.auth_last_auth;
11448 break;
11449 default:
11450 err = -RSBAC_EINVALIDATTR;
11451 }
11452 }
11453 break;
11454 #endif
11455
11456 #if defined(CONFIG_RSBAC_CAP)
11457 case CAP:
11458 {
11459 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
11460
11461 rsbac_ta_list_get_data_ttl(ta_number,
11462 process_handles.cap,
11463 NULL,
11464 &tid_p->process,
11465 &aci);
11466 switch (attr)
11467 {
11468 case A_cap_process_hiding:
11469 value->cap_process_hiding = aci.cap_process_hiding;
11470 break;
11471 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
11472 case A_max_caps_user:
11473 value->max_caps_user = aci.max_caps_user;
11474 break;
11475 case A_max_caps_program:
11476 value->max_caps_program = aci.max_caps_program;
11477 break;
11478 #endif
11479 default:
11480 err = -RSBAC_EINVALIDATTR;
11481 }
11482 }
11483 break;
11484 #endif
11485
11486 #if defined(CONFIG_RSBAC_JAIL)
11487 case JAIL:
11488 {
11489 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
11490
11491 rsbac_ta_list_get_data_ttl(ta_number,
11492 process_handles.jail[jail_p_hash(tid_p->process)],
11493 NULL,
11494 &tid_p->process,
11495 &aci);
11496 switch (attr)
11497 {
11498 case A_jail_id:
11499 value->jail_id = aci.id;
11500 break;
11501 case A_jail_ip:
11502 value->jail_ip = aci.ip;
11503 break;
11504 case A_jail_flags:
11505 value->jail_flags = aci.flags;
11506 break;
11507 case A_jail_max_caps:
11508 value->jail_max_caps = aci.max_caps;
11509 break;
11510 case A_jail_scd_get:
11511 value->jail_scd_get = aci.scd_get;
11512 break;
11513 case A_jail_scd_modify:
11514 value->jail_scd_modify = aci.scd_modify;
11515 break;
11516 default:
11517 err = -RSBAC_EINVALIDATTR;
11518 }
11519 }
11520 break;
11521 #endif
11522
11523 #if defined(CONFIG_RSBAC_PAX)
11524 case PAX:
11525 {
11526 struct task_struct * task_p;
11527
11528 switch (attr)
11529 {
11530 case A_pax_flags:
11531 read_lock(&tasklist_lock);
11532 task_p = find_task_by_pid(tid_p->process);
11533 if(task_p)
11534 {
11535 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
11536 #if defined(CONFIG_PAX_NOEXEC) || defined(CONFIG_PAX_ASLR)
11537 if(task_p->mm)
11538 value->pax_flags = task_p->mm->pax_flags & RSBAC_PAX_ALL_FLAGS;
11539 else
11540 #endif
11541 value->pax_flags = 0;
11542 #else
11543 value->pax_flags = task_p->flags & RSBAC_PAX_ALL_FLAGS;
11544 #endif
11545 }
11546 else
11547 err = -RSBAC_EINVALIDTARGET;
11548 read_unlock(&tasklist_lock);
11549 break;
11550 default:
11551 err = -RSBAC_EINVALIDATTR;
11552 }
11553 }
11554 break;
11555 #endif
11556
11557 default:
11558 err = -RSBAC_EINVALIDMODULE;
11559 }
11560 return err;
11561 }
11562
11563 #ifdef CONFIG_RSBAC_UM
11564 static int get_attr_group(
11565 rsbac_list_ta_number_t ta_number,
11566 enum rsbac_switch_target_t module,
11567 enum rsbac_target_t target,
11568 union rsbac_target_id_t * tid_p,
11569 enum rsbac_attribute_t attr,
11570 union rsbac_attribute_value_t * value,
11571 rsbac_boolean_t inherit)
11572 {
11573 int err = 0;
11574
11575
11576
11577
11578
11579
11580
11581
11582 switch(module)
11583 {
11584 #if defined(CONFIG_RSBAC_RC_UM_PROT)
11585 case RC:
11586 {
11587 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11588 rsbac_gid_t group_desc;
11589
11590 group_desc = tid_p->group;
11591 rsbac_ta_list_get_data_ttl(ta_number,
11592 group_handles.rc,
11593 NULL,
11594 &group_desc,
11595 &type);
11596 switch (attr)
11597 {
11598 case A_rc_type:
11599 value->rc_type = type;
11600 break;
11601
11602 default:
11603 err = -RSBAC_EINVALIDATTR;
11604 }
11605 }
11606 break;
11607 #endif
11608
11609 default:
11610 err = -RSBAC_EINVALIDMODULE;
11611 }
11612
11613 return err;
11614 }
11615 #endif
11616
11617 #ifdef CONFIG_RSBAC_NET_DEV
11618 static int get_attr_netdev(
11619 rsbac_list_ta_number_t ta_number,
11620 enum rsbac_switch_target_t module,
11621 enum rsbac_target_t target,
11622 union rsbac_target_id_t * tid_p,
11623 enum rsbac_attribute_t attr,
11624 union rsbac_attribute_value_t * value,
11625 rsbac_boolean_t inherit)
11626 {
11627 int err = 0;
11628
11629
11630
11631
11632
11633
11634
11635
11636 switch(module)
11637 {
11638 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
11639 case GEN:
11640 {
11641 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI;
11642
11643 rsbac_ta_list_get_data_ttl(ta_number,
11644 netdev_handles.gen,
11645 NULL,
11646 &tid_p->netdev,
11647 &aci);
11648 switch (attr)
11649 {
11650 case A_log_array_low:
11651 value->log_array_low = aci.log_array_low;
11652 break;
11653 case A_log_array_high:
11654 value->log_array_high = aci.log_array_high;
11655 break;
11656 default:
11657 err = -RSBAC_EINVALIDATTR;
11658 }
11659 }
11660 break;
11661 #endif
11662 #if defined(CONFIG_RSBAC_RC)
11663 case RC:
11664 {
11665 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
11666
11667 rsbac_ta_list_get_data_ttl(ta_number,
11668 netdev_handles.rc,
11669 NULL,
11670 &tid_p->netdev,
11671 &type);
11672 switch (attr)
11673 {
11674 case A_rc_type:
11675 value->rc_type = type;
11676 break;
11677
11678 default:
11679 err = -RSBAC_EINVALIDATTR;
11680 }
11681 }
11682 break;
11683 #endif
11684
11685 default:
11686 err = -RSBAC_EINVALIDMODULE;
11687 }
11688
11689 return err;
11690 }
11691 #endif
11692
11693 #ifdef CONFIG_RSBAC_NET_OBJ
11694 static int get_attr_nettemp(
11695 rsbac_list_ta_number_t ta_number,
11696 enum rsbac_switch_target_t module,
11697 enum rsbac_target_t target,
11698 union rsbac_target_id_t * tid_p,
11699 enum rsbac_attribute_t attr,
11700 union rsbac_attribute_value_t * value,
11701 rsbac_boolean_t inherit)
11702 {
11703 int err = 0;
11704
11705
11706
11707
11708
11709
11710
11711 if( tid_p->nettemp
11712 && !rsbac_list_exist(net_temp_handle, &tid_p->nettemp)
11713 )
11714 return -RSBAC_EINVALIDTARGET;
11715 switch(module)
11716 {
11717 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11718 case GEN:
11719 {
11720 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
11721
11722 if(tid_p->nettemp)
11723 rsbac_ta_list_get_data_ttl(ta_number,
11724 nettemp_handles.gen,
11725 NULL,
11726 &tid_p->nettemp,
11727 &aci);
11728 switch (attr)
11729 {
11730 case A_log_array_low:
11731 value->log_array_low = aci.log_array_low;
11732 break;
11733 case A_log_array_high:
11734 value->log_array_high = aci.log_array_high;
11735 break;
11736 default:
11737 err = -RSBAC_EINVALIDATTR;
11738 }
11739 }
11740 break;
11741 #endif
11742 #if defined(CONFIG_RSBAC_MAC)
11743 case MAC:
11744 {
11745 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
11746
11747 rsbac_ta_list_get_data_ttl(ta_number,
11748 nettemp_handles.mac,
11749 NULL,
11750 &tid_p->nettemp,
11751 &aci);
11752 switch (attr)
11753 {
11754 case A_security_level:
11755 value->security_level = aci.sec_level;
11756 break;
11757 case A_mac_categories:
11758 value->mac_categories = aci.mac_categories;
11759 break;
11760
11761 default:
11762 err = -RSBAC_EINVALIDATTR;
11763 }
11764 }
11765 break;
11766 #endif
11767
11768 #if defined(CONFIG_RSBAC_PM)
11769 case PM:
11770 {
11771 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
11772
11773 rsbac_ta_list_get_data_ttl(ta_number,
11774 nettemp_handles.pm,
11775 NULL,
11776 &tid_p->nettemp,
11777 &aci);
11778 switch (attr)
11779 {
11780 case A_pm_object_class:
11781 value->pm_object_class = aci.pm_object_class;
11782 break;
11783 case A_pm_ipc_purpose:
11784 value->pm_ipc_purpose = aci.pm_ipc_purpose;
11785 break;
11786 case A_pm_object_type:
11787 value->pm_object_type = aci.pm_object_type;
11788 break;
11789 default:
11790 err = -RSBAC_EINVALIDATTR;
11791 }
11792 }
11793 break;
11794 #endif
11795
11796 #if defined(CONFIG_RSBAC_RC)
11797 case RC:
11798 {
11799 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
11800
11801 rsbac_ta_list_get_data_ttl(ta_number,
11802 nettemp_handles.rc,
11803 NULL,
11804 &tid_p->nettemp,
11805 &aci);
11806 switch (attr)
11807 {
11808 case A_rc_type:
11809 value->rc_type = aci.netobj_type;
11810 break;
11811
11812 case A_rc_type_nt:
11813 value->rc_type = aci.nettemp_type;
11814 break;
11815
11816 default:
11817 err = -RSBAC_EINVALIDATTR;
11818 }
11819 }
11820 break;
11821 #endif
11822
11823 default:
11824 err = -RSBAC_EINVALIDMODULE;
11825 }
11826 return err;
11827 }
11828
11829 static int get_attr_netobj(
11830 rsbac_list_ta_number_t ta_number,
11831 enum rsbac_switch_target_t module,
11832 enum rsbac_target_t target,
11833 union rsbac_target_id_t * tid_p,
11834 enum rsbac_attribute_t attr,
11835 union rsbac_attribute_value_t * value,
11836 rsbac_boolean_t inherit)
11837 {
11838 int err = 0;
11839
11840
11841
11842
11843
11844
11845
11846 switch(module)
11847 {
11848 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
11849 case GEN:
11850 {
11851 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
11852 rsbac_net_temp_id_t temp = 0;
11853
11854 switch (attr)
11855 {
11856 case A_local_log_array_low:
11857 case A_local_log_array_high:
11858 rsbac_ta_net_lookup_templates(ta_number,
11859 &tid_p->netobj,
11860 &temp,
11861 NULL);
11862 break;
11863 case A_remote_log_array_low:
11864 case A_remote_log_array_high:
11865 rsbac_ta_net_lookup_templates(ta_number,
11866 &tid_p->netobj,
11867 NULL,
11868 &temp);
11869 break;
11870
11871 default:
11872 err = -RSBAC_EINVALIDATTR;
11873 }
11874 if(temp)
11875 rsbac_ta_list_get_data_ttl(ta_number,
11876 nettemp_handles.gen,
11877 NULL,
11878 &temp,
11879 &aci);
11880 switch (attr)
11881 {
11882 case A_local_log_array_low:
11883 case A_remote_log_array_low:
11884 value->log_array_low = aci.log_array_low;
11885 break;
11886 case A_local_log_array_high:
11887 case A_remote_log_array_high:
11888 value->log_array_high = aci.log_array_high;
11889 break;
11890
11891 default:
11892 err = -RSBAC_EINVALIDATTR;
11893 }
11894 }
11895 break;
11896 #endif
11897 #if defined(CONFIG_RSBAC_MAC)
11898 case MAC:
11899 {
11900 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
11901
11902 switch(attr)
11903 {
11904 case A_local_sec_level:
11905 case A_local_mac_categories:
11906 if(rsbac_ta_list_get_data_ttl(ta_number,
11907 lnetobj_handles.mac,
11908 NULL,
11909 &tid_p->netobj.sock_p,
11910 &aci))
11911 {
11912 rsbac_net_temp_id_t temp = 0;
11913
11914 rsbac_ta_net_lookup_templates(ta_number,
11915 &tid_p->netobj,
11916 &temp,
11917 NULL);
11918 if(temp)
11919 rsbac_ta_list_get_data_ttl(ta_number,
11920 nettemp_handles.mac,
11921 NULL,
11922 &temp,
11923 &aci);
11924 }
11925 break;
11926
11927 case A_remote_sec_level:
11928 case A_remote_mac_categories:
11929 if(rsbac_ta_list_get_data_ttl(ta_number,
11930 rnetobj_handles.mac,
11931 NULL,
11932 &tid_p->netobj.sock_p,
11933 &aci))
11934 {
11935 rsbac_net_temp_id_t temp = 0;
11936
11937 rsbac_ta_net_lookup_templates(ta_number,
11938 &tid_p->netobj,
11939 NULL,
11940 &temp);
11941 if(temp)
11942 rsbac_ta_list_get_data_ttl(ta_number,
11943 nettemp_handles.mac,
11944 NULL,
11945 &temp,
11946 &aci);
11947 }
11948 break;
11949
11950 default:
11951 err = -RSBAC_EINVALIDATTR;
11952 }
11953 if(err)
11954 break;
11955 switch (attr)
11956 {
11957 case A_local_sec_level:
11958 case A_remote_sec_level:
11959 value->security_level = aci.sec_level;
11960 break;
11961 case A_local_mac_categories:
11962 case A_remote_mac_categories:
11963 value->mac_categories = aci.mac_categories;
11964 break;
11965
11966 default:
11967 err = -RSBAC_EINVALIDATTR;
11968 }
11969 }
11970 break;
11971 #endif
11972
11973 #if defined(CONFIG_RSBAC_PM)
11974 case PM:
11975 {
11976 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
11977
11978 switch(attr)
11979 {
11980 case A_local_pm_object_class:
11981 case A_local_pm_ipc_purpose:
11982 case A_local_pm_object_type:
11983 if(rsbac_ta_list_get_data_ttl(ta_number,
11984 lnetobj_handles.pm,
11985 NULL,
11986 &tid_p->netobj.sock_p,
11987 &aci))
11988 {
11989 rsbac_net_temp_id_t temp = 0;
11990
11991 rsbac_ta_net_lookup_templates(ta_number,
11992 &tid_p->netobj,
11993 &temp,
11994 NULL);
11995 if(temp)
11996 rsbac_ta_list_get_data_ttl(ta_number,
11997 nettemp_handles.pm,
11998 NULL,
11999 &temp,
12000 &aci);
12001 }
12002 break;
12003
12004 case A_remote_pm_object_class:
12005 case A_remote_pm_ipc_purpose:
12006 case A_remote_pm_object_type:
12007 if(rsbac_ta_list_get_data_ttl(ta_number,
12008 rnetobj_handles.pm,
12009 NULL,
12010 &tid_p->netobj.sock_p,
12011 &aci))
12012 {
12013 rsbac_net_temp_id_t temp = 0;
12014
12015 rsbac_ta_net_lookup_templates(ta_number,
12016 &tid_p->netobj,
12017 NULL,
12018 &temp);
12019 if(temp)
12020 rsbac_ta_list_get_data_ttl(ta_number,
12021 nettemp_handles.pm,
12022 NULL,
12023 &temp,
12024 &aci);
12025 }
12026 break;
12027
12028 default:
12029 err = -RSBAC_EINVALIDATTR;
12030 }
12031 if(err)
12032 break;
12033 switch (attr)
12034 {
12035 case A_local_pm_object_class:
12036 case A_remote_pm_object_class:
12037 value->pm_object_class = aci.pm_object_class;
12038 break;
12039 case A_local_pm_ipc_purpose:
12040 case A_remote_pm_ipc_purpose:
12041 value->pm_ipc_purpose = aci.pm_ipc_purpose;
12042 break;
12043 case A_local_pm_object_type:
12044 case A_remote_pm_object_type:
12045 value->pm_object_type = aci.pm_object_type;
12046 break;
12047
12048 default:
12049 err = -RSBAC_EINVALIDATTR;
12050 }
12051 }
12052 break;
12053 #endif
12054
12055 #if defined(CONFIG_RSBAC_RC)
12056 case RC:
12057 {
12058 rsbac_rc_type_id_t type = RSBAC_RC_GENERAL_TYPE;
12059
12060 switch(attr)
12061 {
12062 case A_local_rc_type:
12063 if(rsbac_ta_list_get_data_ttl(ta_number,
12064 lnetobj_handles.rc,
12065 NULL,
12066 &tid_p->netobj.sock_p,
12067 &type))
12068 {
12069 rsbac_net_temp_id_t temp = 0;
12070 struct rsbac_rc_nettemp_aci_t aci;
12071
12072 rsbac_ta_net_lookup_templates(ta_number,
12073 &tid_p->netobj,
12074 &temp,
12075 NULL);
12076 if(temp)
12077 {
12078 if(!rsbac_ta_list_get_data_ttl(ta_number,
12079 nettemp_handles.rc,
12080 NULL,
12081 &temp,
12082 &aci))
12083 type = aci.netobj_type;
12084 }
12085 }
12086 break;
12087
12088 case A_remote_rc_type:
12089 if(rsbac_ta_list_get_data_ttl(ta_number,
12090 rnetobj_handles.rc,
12091 NULL,
12092 &tid_p->netobj.sock_p,
12093 &type))
12094 {
12095 rsbac_net_temp_id_t temp = 0;
12096 struct rsbac_rc_nettemp_aci_t aci;
12097
12098 rsbac_ta_net_lookup_templates(ta_number,
12099 &tid_p->netobj,
12100 NULL,
12101 &temp);
12102 if(temp)
12103 {
12104 if(!rsbac_ta_list_get_data_ttl(ta_number,
12105 nettemp_handles.rc,
12106 NULL,
12107 &temp,
12108 &aci))
12109 type = aci.netobj_type;
12110 }
12111 }
12112 break;
12113
12114 default:
12115 err = -RSBAC_EINVALIDATTR;
12116 }
12117 if(!err)
12118 value->rc_type = type;
12119 }
12120 break;
12121 #endif
12122
12123 default:
12124 err = -RSBAC_EINVALIDMODULE;
12125 }
12126 return err;
12127 }
12128 #endif
12129
12130
12131
12132
12133 int rsbac_ta_get_attr(
12134 rsbac_list_ta_number_t ta_number,
12135 enum rsbac_switch_target_t module,
12136 enum rsbac_target_t target,
12137 union rsbac_target_id_t tid,
12138 enum rsbac_attribute_t attr,
12139 union rsbac_attribute_value_t * value,
12140 rsbac_boolean_t inherit)
12141 {
12142 int err = 0;
12143
12144 if (!rsbac_initialized)
12145 {
12146 rsbac_printk(KERN_WARNING "rsbac_get_attr(): RSBAC not initialized\n");
12147 return(-RSBAC_ENOTINITIALIZED);
12148 }
12149 if (!value)
12150 return(-RSBAC_EINVALIDPOINTER);
12151 if (in_interrupt())
12152 {
12153 rsbac_printk(KERN_WARNING "rsbac_get_attr(): called from interrupt!\n");
12154 }
12155 #ifdef CONFIG_RSBAC_XSTATS
12156 get_attr_count[target]++;
12157 #endif
12158 switch (target)
12159 {
12160 case T_FILE:
12161 case T_DIR:
12162 case T_FIFO:
12163 case T_SYMLINK:
12164 return get_attr_fd(ta_number, module, target, &tid,
12165 attr, value, inherit);
12166
12167 case T_DEV:
12168 return get_attr_dev(ta_number, module, target, tid.dev,
12169 attr, value, inherit);
12170
12171 case T_IPC:
12172 return get_attr_ipc(ta_number, module, target, &tid,
12173 attr, value, inherit);
12174
12175 case T_USER:
12176 return get_attr_user(ta_number, module, target, &tid,
12177 attr, value, inherit);
12178
12179 case T_PROCESS:
12180 return get_attr_process(ta_number, module, target, &tid,
12181 attr, value, inherit);
12182
12183 #ifdef CONFIG_RSBAC_UM
12184 case T_GROUP:
12185 return get_attr_group(ta_number, module, target, &tid,
12186 attr, value, inherit);
12187 #endif
12188
12189 #ifdef CONFIG_RSBAC_NET_DEV
12190 case T_NETDEV:
12191 return get_attr_netdev(ta_number, module, target, &tid,
12192 attr, value, inherit);
12193 #endif
12194
12195 #ifdef CONFIG_RSBAC_NET_OBJ
12196 case T_NETTEMP:
12197 return get_attr_nettemp(ta_number, module, target, &tid,
12198 attr, value, inherit);
12199
12200 case T_NETOBJ:
12201 return get_attr_netobj(ta_number, module, target, &tid,
12202 attr, value, inherit);
12203 #endif
12204
12205
12206 default:
12207 return -RSBAC_EINVALIDTARGET;
12208 }
12209
12210 return err;
12211 }
12212
12213
12214
12215 static int set_attr_fd(
12216 rsbac_list_ta_number_t ta_number,
12217 enum rsbac_switch_target_t module,
12218 enum rsbac_target_t target,
12219 union rsbac_target_id_t * tid_p,
12220 enum rsbac_attribute_t attr,
12221 union rsbac_attribute_value_t * value_p)
12222 {
12223 int err = 0;
12224 struct rsbac_device_list_item_t * device_p;
12225 u_long dflags;
12226
12227
12228
12229
12230
12231
12232
12233
12234
12235 rsbac_read_lock(&device_list_head.lock, &dflags);
12236
12237
12238
12239
12240
12241
12242
12243
12244
12245
12246 device_p = lookup_device(tid_p->file.device);
12247 if (!device_p)
12248 {
12249 struct super_block * sb_p;
12250
12251 rsbac_read_unlock(&device_list_head.lock, &dflags);
12252 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
12253 sb_p = user_get_super(tid_p->file.device);
12254 #else
12255 sb_p = get_super(tid_p->file.device);
12256 #endif
12257 if(sb_p)
12258 {
12259 rsbac_printk(KERN_INFO
12260 "rsbac_set_attr(): auto-mounting device %02u:%02u\n",
12261 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12262 rsbac_mount(sb_p, NULL);
12263
12264 drop_super(sb_p);
12265 rsbac_read_lock(&device_list_head.lock, &dflags);
12266 device_p = lookup_device(tid_p->file.device);
12267 if (!device_p)
12268 {
12269 rsbac_printk(KERN_WARNING
12270 "rsbac_set_attr(): unknown device %02u:%02u\n",
12271 RSBAC_MAJOR(tid_p->file.device), RSBAC_MINOR(tid_p->file.device));
12272 rsbac_read_unlock(&device_list_head.lock, &dflags);
12273 return -RSBAC_EINVALIDDEV;
12274 }
12275 }
12276 else
12277 return -RSBAC_EINVALIDDEV;
12278 }
12279 switch(module)
12280 {
12281 case GEN:
12282 {
12283 struct rsbac_gen_fd_aci_t aci = DEFAULT_GEN_FD_ACI;
12284
12285 rsbac_ta_list_get_data_ttl(ta_number,
12286 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12287 NULL,
12288 &tid_p->file.inode,
12289 &aci);
12290 switch (attr)
12291 {
12292 case A_log_array_low:
12293 aci.log_array_low = value_p->log_array_low;
12294 break;
12295 case A_log_array_high:
12296 aci.log_array_high = value_p->log_array_high;
12297 break;
12298 case A_log_program_based:
12299 aci.log_program_based = value_p->log_program_based;
12300 break;
12301 case A_symlink_add_remote_ip:
12302 aci.symlink_add_remote_ip = value_p->symlink_add_remote_ip;
12303 break;
12304 case A_symlink_add_uid:
12305 aci.symlink_add_uid = value_p->symlink_add_uid;
12306 break;
12307 case A_symlink_add_mac_level:
12308 aci.symlink_add_mac_level = value_p->symlink_add_mac_level;
12309 break;
12310 case A_symlink_add_rc_role:
12311 aci.symlink_add_rc_role = value_p->symlink_add_rc_role;
12312 break;
12313 case A_linux_dac_disable:
12314 aci.linux_dac_disable = value_p->linux_dac_disable;
12315 break;
12316 case A_fake_root_uid:
12317 aci.fake_root_uid = value_p->fake_root_uid;
12318 break;
12319 case A_auid_exempt:
12320 aci.auid_exempt = value_p->auid_exempt;
12321 break;
12322 default:
12323 err = -RSBAC_EINVALIDATTR;
12324 }
12325 if(!err)
12326 {
12327 err = rsbac_ta_list_add_ttl(ta_number,
12328 device_p->handles.gen[gen_fd_hash(tid_p->file.inode)],
12329 0,
12330 &tid_p->file.inode,
12331 &aci);
12332 }
12333 }
12334 break;
12335
12336 #if defined(CONFIG_RSBAC_MAC)
12337 case MAC:
12338 {
12339 struct rsbac_mac_fd_aci_t aci = DEFAULT_MAC_FD_ACI;
12340
12341 rsbac_ta_list_get_data_ttl(ta_number,
12342 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12343 NULL,
12344 &tid_p->file.inode,
12345 &aci);
12346 switch (attr)
12347 {
12348 case A_security_level:
12349 aci.sec_level = value_p->security_level;
12350 break;
12351 case A_mac_categories:
12352 aci.mac_categories = value_p->mac_categories;
12353 break;
12354 case A_mac_auto:
12355 aci.mac_auto = value_p->mac_auto;
12356 break;
12357 case A_mac_prop_trusted:
12358 aci.mac_prop_trusted = value_p->mac_prop_trusted;
12359 break;
12360 case A_mac_file_flags:
12361 aci.mac_file_flags = value_p->mac_file_flags & RSBAC_MAC_F_FLAGS;
12362 break;
12363
12364 default:
12365 err = -RSBAC_EINVALIDATTR;
12366 }
12367 if(!err)
12368 {
12369 err = rsbac_ta_list_add_ttl(ta_number,
12370 device_p->handles.mac[mac_fd_hash(tid_p->file.inode)],
12371 0,
12372 &tid_p->file.inode,
12373 &aci);
12374 }
12375 }
12376 break;
12377 #endif
12378
12379 #if defined(CONFIG_RSBAC_PM)
12380 case PM:
12381 {
12382 struct rsbac_pm_fd_aci_t aci = DEFAULT_PM_FD_ACI;
12383
12384 rsbac_ta_list_get_data_ttl(ta_number,
12385 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12386 NULL,
12387 &tid_p->file.inode,
12388 &aci);
12389 switch (attr)
12390 {
12391 case A_pm_object_class:
12392 aci.pm_object_class = value_p->pm_object_class;
12393 break;
12394 case A_pm_tp:
12395 aci.pm_tp = value_p->pm_tp;
12396 break;
12397 case A_pm_object_type:
12398 aci.pm_object_type = value_p->pm_object_type;
12399 break;
12400 default:
12401 err = -RSBAC_EINVALIDATTR;
12402 }
12403 if(!err)
12404 {
12405 err = rsbac_ta_list_add_ttl(ta_number,
12406 device_p->handles.pm[pm_fd_hash(tid_p->file.inode)],
12407 0,
12408 &tid_p->file.inode,
12409 &aci);
12410 }
12411 }
12412 break;
12413 #endif
12414
12415 #if defined(CONFIG_RSBAC_DAZ)
12416 case DAZ:
12417 {
12418 #if defined(CONFIG_RSBAC_DAZ_CACHE)
12419 if(attr == A_daz_scanned)
12420 {
12421 err = rsbac_list_add_ttl(device_p->handles.dazs[daz_scanned_fd_hash(tid_p->file.inode)],
12422 rsbac_daz_ttl,
12423 &tid_p->file.inode,
12424 &value_p->daz_scanned);
12425 }
12426 else
12427 #endif
12428 {
12429 struct rsbac_daz_fd_aci_t aci = DEFAULT_DAZ_FD_ACI;
12430
12431 rsbac_ta_list_get_data_ttl(ta_number,
12432 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12433 NULL,
12434 &tid_p->file.inode,
12435 &aci);
12436 switch (attr)
12437 {
12438 case A_daz_scanner:
12439 aci.daz_scanner = value_p->daz_scanner;
12440 break;
12441 default:
12442 err = -RSBAC_EINVALIDATTR;
12443 }
12444 if(!err)
12445 {
12446 err = rsbac_ta_list_add_ttl(ta_number,
12447 device_p->handles.daz[daz_fd_hash(tid_p->file.inode)],
12448 0,
12449 &tid_p->file.inode,
12450 &aci);
12451 }
12452 }
12453 }
12454 break;
12455 #endif
12456
12457 #if defined(CONFIG_RSBAC_FF)
12458 case FF:
12459 {
12460 switch (attr)
12461 {
12462 case A_ff_flags:
12463 err = rsbac_ta_list_add_ttl(ta_number,
12464 device_p->handles.ff[ff_fd_hash(tid_p->file.inode)],
12465 0,
12466 &tid_p->file.inode,
12467 &value_p->ff_flags);
12468 break;
12469
12470 default:
12471 err = -RSBAC_EINVALIDATTR;
12472 }
12473 }
12474 break;
12475 #endif
12476
12477 #if defined(CONFIG_RSBAC_RC)
12478 case RC:
12479 {
12480 struct rsbac_rc_fd_aci_t aci = DEFAULT_RC_FD_ACI;
12481
12482 rsbac_ta_list_get_data_ttl(ta_number,
12483 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
12484 NULL,
12485 &tid_p->file.inode,
12486 &aci);
12487 switch (attr)
12488 {
12489 case A_rc_type_fd:
12490 aci.rc_type_fd = value_p->rc_type_fd;
12491 break;
12492 case A_rc_force_role:
12493 aci.rc_force_role = value_p->rc_force_role;
12494 break;
12495 case A_rc_initial_role:
12496 aci.rc_initial_role = value_p->rc_initial_role;
12497 break;
12498
12499 default:
12500 err = -RSBAC_EINVALIDATTR;
12501 }
12502 if(!err)
12503 {
12504 err = rsbac_ta_list_add_ttl(ta_number,
12505 device_p->handles.rc[rc_fd_hash(tid_p->file.inode)],
12506 0,
12507 &tid_p->file.inode,
12508 &aci);
12509 }
12510 }
12511 break;
12512 #endif
12513
12514 #if defined(CONFIG_RSBAC_AUTH)
12515 case AUTH:
12516 {
12517 struct rsbac_auth_fd_aci_t aci = DEFAULT_AUTH_FD_ACI;
12518
12519 rsbac_ta_list_get_data_ttl(ta_number,
12520 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
12521 NULL,
12522 &tid_p->file.inode,
12523 &aci);
12524 switch (attr)
12525 {
12526 case A_auth_may_setuid:
12527 aci.auth_may_setuid = value_p->auth_may_setuid;
12528 break;
12529 case A_auth_may_set_cap:
12530 aci.auth_may_set_cap = value_p->auth_may_set_cap;
12531 break;
12532 case A_auth_learn:
12533 aci.auth_learn = value_p->auth_learn;
12534 break;
12535 default:
12536 err = -RSBAC_EINVALIDATTR;
12537 }
12538 if(!err)
12539 {
12540 err = rsbac_ta_list_add_ttl(ta_number,
12541 device_p->handles.auth[auth_fd_hash(tid_p->file.inode)],
12542 0,
12543 &tid_p->file.inode,
12544 &aci);
12545 }
12546 }
12547 break;
12548 #endif
12549
12550 #if defined(CONFIG_RSBAC_CAP)
12551 case CAP:
12552 {
12553 struct rsbac_cap_fd_aci_t aci = DEFAULT_CAP_FD_ACI;
12554
12555 rsbac_ta_list_get_data_ttl(ta_number,
12556 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
12557 NULL,
12558 &tid_p->file.inode,
12559 &aci);
12560 switch (attr)
12561 {
12562 case A_min_caps:
12563 aci.min_caps = value_p->min_caps;
12564 break;
12565 case A_max_caps:
12566 aci.max_caps = value_p->max_caps;
12567 break;
12568 default:
12569 err = -RSBAC_EINVALIDATTR;
12570 }
12571 if(!err)
12572 {
12573 err = rsbac_ta_list_add_ttl(ta_number,
12574 device_p->handles.cap[cap_fd_hash(tid_p->file.inode)],
12575 0,
12576 &tid_p->file.inode,
12577 &aci);
12578 }
12579 }
12580 break;
12581 #endif
12582
12583 #if defined(CONFIG_RSBAC_RES)
12584 case RES:
12585 {
12586 struct rsbac_res_fd_aci_t aci = DEFAULT_RES_FD_ACI;
12587
12588 rsbac_ta_list_get_data_ttl(ta_number,
12589 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12590 NULL,
12591 &tid_p->file.inode,
12592 &aci);
12593 switch (attr)
12594 {
12595 case A_res_min:
12596 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
12597 break;
12598 case A_res_max:
12599 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
12600 break;
12601 default:
12602 err = -RSBAC_EINVALIDATTR;
12603 }
12604 if(!err)
12605 {
12606 struct rsbac_res_fd_aci_t def_aci = DEFAULT_RES_FD_ACI;
12607
12608 if(memcmp(&aci, &def_aci, sizeof(aci)))
12609 err = rsbac_ta_list_add_ttl(ta_number,
12610 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12611 0,
12612 &tid_p->file.inode,
12613 &aci);
12614 else
12615 err = rsbac_ta_list_remove(ta_number,
12616 device_p->handles.res[res_fd_hash(tid_p->file.inode)],
12617 &tid_p->file.inode);
12618 }
12619 }
12620 break;
12621 #endif
12622
12623 #if defined(CONFIG_RSBAC_PAX)
12624 case PAX:
12625 {
12626 switch (attr)
12627 {
12628 case A_pax_flags:
12629 value_p->pax_flags &= RSBAC_PAX_ALL_FLAGS;
12630 err = rsbac_ta_list_add_ttl(ta_number,
12631 device_p->handles.pax[pax_fd_hash(tid_p->file.inode)],
12632 0,
12633 &tid_p->file.inode,
12634 &value_p->pax_flags);
12635 break;
12636
12637 default:
12638 err = -RSBAC_EINVALIDATTR;
12639 }
12640 }
12641 break;
12642 #endif
12643
12644 default:
12645 err = -RSBAC_EINVALIDMODULE;
12646 }
12647
12648 rsbac_read_unlock(&device_list_head.lock, &dflags);
12649
12650 return err;
12651 }
12652
12653 static int set_attr_dev(
12654 rsbac_list_ta_number_t ta_number,
12655 enum rsbac_switch_target_t module,
12656 enum rsbac_target_t target,
12657 struct rsbac_dev_desc_t dev,
12658 enum rsbac_attribute_t attr,
12659 union rsbac_attribute_value_t * value_p)
12660 {
12661 int err = 0;
12662
12663
12664
12665
12666
12667
12668
12669
12670 switch(module)
12671 {
12672 case GEN:
12673 {
12674 struct rsbac_gen_dev_aci_t aci = DEFAULT_GEN_DEV_ACI;
12675
12676 if(dev.type > D_char)
12677 return -RSBAC_EINVALIDTARGET;
12678 rsbac_ta_list_get_data_ttl(ta_number,
12679 dev_handles.gen,
12680 NULL,
12681 &dev,
12682 &aci);
12683 switch (attr)
12684 {
12685 case A_log_array_low:
12686 aci.log_array_low = value_p->log_array_low;
12687 break;
12688 case A_log_array_high:
12689 aci.log_array_high = value_p->log_array_high;
12690 break;
12691 default:
12692 err = -RSBAC_EINVALIDATTR;
12693 }
12694 if(!err)
12695 {
12696 err = rsbac_ta_list_add_ttl(ta_number,
12697 dev_handles.gen,
12698 0,
12699 &dev,
12700 &aci);
12701 }
12702 }
12703 break;
12704
12705 #if defined(CONFIG_RSBAC_MAC)
12706 case MAC:
12707 {
12708 struct rsbac_mac_dev_aci_t aci = DEFAULT_MAC_DEV_ACI;
12709
12710 if(dev.type > D_char)
12711 return -RSBAC_EINVALIDTARGET;
12712 rsbac_ta_list_get_data_ttl(ta_number,
12713 dev_handles.mac,
12714 NULL,
12715 &dev,
12716 &aci);
12717 switch (attr)
12718 {
12719 case A_security_level:
12720 aci.sec_level = value_p->security_level;
12721 break;
12722 case A_mac_categories:
12723 aci.mac_categories = value_p->mac_categories;
12724 break;
12725 case A_mac_check:
12726 aci.mac_check = value_p->mac_check;
12727 break;
12728 default:
12729 err = -RSBAC_EINVALIDATTR;
12730 }
12731 if(!err)
12732 {
12733 err = rsbac_ta_list_add_ttl(ta_number,
12734 dev_handles.mac,
12735 0,
12736 &dev,
12737 &aci);
12738 }
12739 }
12740 break;
12741 #endif
12742
12743 #if defined(CONFIG_RSBAC_PM)
12744 case PM:
12745 {
12746 struct rsbac_pm_dev_aci_t aci = DEFAULT_PM_DEV_ACI;
12747
12748 if(dev.type > D_char)
12749 return -RSBAC_EINVALIDTARGET;
12750 rsbac_ta_list_get_data_ttl(ta_number,
12751 dev_handles.pm,
12752 NULL,
12753 &dev,
12754 &aci);
12755 switch (attr)
12756 {
12757 case A_pm_object_type:
12758 aci.pm_object_type = value_p->pm_object_type;
12759 break;
12760 case A_pm_object_class:
12761 aci.pm_object_class = value_p->pm_object_class;
12762 break;
12763 default:
12764 err = -RSBAC_EINVALIDATTR;
12765 }
12766 if(!err)
12767 {
12768 err = rsbac_ta_list_add_ttl(ta_number,
12769 dev_handles.pm,
12770 0,
12771 &dev,
12772 &aci);
12773 }
12774 }
12775 break;
12776 #endif
12777
12778 #if defined(CONFIG_RSBAC_RC)
12779 case RC:
12780 {
12781 rsbac_rc_type_id_t type = value_p->rc_type;
12782 struct rsbac_dev_desc_t dev_desc;
12783 rsbac_list_handle_t handle;
12784
12785 switch(dev.type)
12786 {
12787 case D_char:
12788 dev_desc.type = D_char;
12789 handle = dev_handles.rc;
12790 break;
12791 case D_block:
12792 dev_desc.type = D_block;
12793 handle = dev_handles.rc;
12794 break;
12795 case D_char_major:
12796 if(type > RC_type_max_value)
12797 return -RSBAC_EINVALIDVALUE;
12798 dev_desc.type = D_char;
12799 handle = dev_major_handles.rc;
12800 break;
12801 case D_block_major:
12802 if(type > RC_type_max_value)
12803 return -RSBAC_EINVALIDVALUE;
12804 dev_desc.type = D_block;
12805 handle = dev_major_handles.rc;
12806 break;
12807 default:
12808 return -RSBAC_EINVALIDTARGET;
12809 }
12810 dev_desc.major = dev.major;
12811 dev_desc.minor = dev.minor;
12812
12813 switch (attr)
12814 {
12815 case A_rc_type:
12816 err = rsbac_ta_list_add_ttl(ta_number,
12817 handle,
12818 0,
12819 &dev_desc,
12820 &type);
12821 break;
12822 default:
12823 err = -RSBAC_EINVALIDATTR;
12824 }
12825 }
12826 break;
12827 #endif
12828
12829 default:
12830 err = -RSBAC_EINVALIDMODULE;
12831 }
12832
12833 return err;
12834 }
12835
12836 static int set_attr_ipc(
12837 rsbac_list_ta_number_t ta_number,
12838 enum rsbac_switch_target_t module,
12839 enum rsbac_target_t target,
12840 union rsbac_target_id_t * tid_p,
12841 enum rsbac_attribute_t attr,
12842 union rsbac_attribute_value_t * value_p)
12843 {
12844 int err = 0;
12845
12846
12847
12848
12849
12850
12851
12852 switch(module)
12853 {
12854 #if defined(CONFIG_RSBAC_MAC)
12855 case MAC:
12856 {
12857 struct rsbac_mac_ipc_aci_t aci = DEFAULT_MAC_IPC_ACI;
12858
12859 rsbac_ta_list_get_data_ttl(ta_number,
12860 ipc_handles.mac,
12861 NULL,
12862 &tid_p->ipc,
12863 &aci);
12864 switch (attr)
12865 {
12866 case A_security_level:
12867 aci.sec_level = value_p->security_level;
12868 break;
12869 case A_mac_categories:
12870 aci.mac_categories = value_p->mac_categories;
12871 break;
12872 default:
12873 err = -RSBAC_EINVALIDATTR;
12874 }
12875 if(!err)
12876 {
12877 err = rsbac_ta_list_add_ttl(ta_number,
12878 ipc_handles.mac,
12879 0,
12880 &tid_p->ipc,
12881 &aci);
12882 }
12883 }
12884 break;
12885 #endif
12886
12887 #if defined(CONFIG_RSBAC_PM)
12888 case PM:
12889 {
12890 struct rsbac_pm_ipc_aci_t aci = DEFAULT_PM_IPC_ACI;
12891
12892 rsbac_ta_list_get_data_ttl(ta_number,
12893 ipc_handles.pm,
12894 NULL,
12895 &tid_p->ipc,
12896 &aci);
12897 switch (attr)
12898 {
12899 case A_pm_object_type:
12900 aci.pm_object_type = value_p->pm_object_type;
12901 break;
12902 case A_pm_ipc_purpose:
12903 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
12904 break;
12905 case A_pm_object_class:
12906 aci.pm_object_class = value_p->pm_object_class;
12907 break;
12908 default:
12909 err = -RSBAC_EINVALIDATTR;
12910 }
12911 if(!err)
12912 {
12913 err = rsbac_ta_list_add_ttl(ta_number,
12914 ipc_handles.pm,
12915 0,
12916 &tid_p->ipc,
12917 &aci);
12918 }
12919 }
12920 break;
12921 #endif
12922
12923 #if defined(CONFIG_RSBAC_RC)
12924 case RC:
12925 {
12926 rsbac_rc_type_id_t type = value_p->rc_type;
12927
12928 switch (attr)
12929 {
12930 case A_rc_type:
12931 err = rsbac_ta_list_add_ttl(ta_number,
12932 ipc_handles.rc,
12933 0,
12934 &tid_p->ipc,
12935 &type);
12936 break;
12937 default:
12938 err = -RSBAC_EINVALIDATTR;
12939 }
12940 }
12941 break;
12942 #endif
12943
12944 #if defined(CONFIG_RSBAC_JAIL)
12945 case JAIL:
12946 {
12947 rsbac_jail_id_t id = value_p->jail_id;
12948
12949 switch (attr)
12950 {
12951 case A_jail_id:
12952
12953
12954
12955
12956
12957
12958
12959
12960 err = rsbac_ta_list_add_ttl(ta_number,
12961 ipc_handles.jail,
12962 0,
12963 &tid_p->ipc,
12964 &id);
12965 break;
12966 default:
12967 err = -RSBAC_EINVALIDATTR;
12968 }
12969 }
12970 break;
12971 #endif
12972
12973 default:
12974 err = -RSBAC_EINVALIDMODULE;
12975 }
12976
12977 return err;
12978 }
12979
12980 static int set_attr_user(
12981 rsbac_list_ta_number_t ta_number,
12982 enum rsbac_switch_target_t module,
12983 enum rsbac_target_t target,
12984 union rsbac_target_id_t * tid_p,
12985 enum rsbac_attribute_t attr,
12986 union rsbac_attribute_value_t * value_p)
12987 {
12988 int err = 0;
12989
12990 #ifdef CONFIG_RSBAC_DEBUG
12991
12992
12993
12994
12995
12996
12997 #endif
12998 switch(module)
12999 {
13000 case GEN:
13001 {
13002 struct rsbac_gen_user_aci_t aci = DEFAULT_GEN_U_ACI;
13003
13004 rsbac_ta_list_get_data_ttl(ta_number,
13005 user_handles.gen,
13006 NULL,
13007 &tid_p->user,
13008 &aci);
13009 switch (attr)
13010 {
13011 case A_pseudo:
13012 aci.pseudo = value_p->pseudo;
13013 break;
13014 case A_log_user_based:
13015 aci.log_user_based = value_p->log_user_based;
13016 break;
13017 default:
13018 err = -RSBAC_EINVALIDATTR;
13019 }
13020 if(!err)
13021 {
13022 err = rsbac_ta_list_add_ttl(ta_number,
13023 user_handles.gen,
13024 0,
13025 &tid_p->user,
13026 &aci);
13027 }
13028 }
13029 break;
13030
13031 #if defined(CONFIG_RSBAC_MAC)
13032 case MAC:
13033 {
13034 struct rsbac_mac_user_aci_t aci = DEFAULT_MAC_U_ACI;
13035
13036 rsbac_ta_list_get_data_ttl(ta_number,
13037 user_handles.mac,
13038 NULL,
13039 &tid_p->user,
13040 &aci);
13041 switch (attr)
13042 {
13043 case A_security_level:
13044 if(value_p->security_level < aci.min_security_level)
13045 err = -RSBAC_EINVALIDVALUE;
13046 else
13047 aci.security_level = value_p->security_level;
13048 break;
13049 case A_initial_security_level:
13050 if( (value_p->security_level < aci.min_security_level)
13051 || (value_p->security_level > aci.security_level)
13052 )
13053 err = -RSBAC_EINVALIDVALUE;
13054 else
13055 aci.initial_security_level = value_p->security_level;
13056 break;
13057 case A_min_security_level:
13058 if(value_p->security_level > aci.security_level)
13059 err = -RSBAC_EINVALIDVALUE;
13060 else
13061 aci.min_security_level = value_p->security_level;
13062 break;
13063 case A_mac_categories:
13064 if((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
13065 err = -RSBAC_EINVALIDVALUE;
13066 else
13067 aci.mac_categories = value_p->mac_categories;
13068 break;
13069 case A_mac_initial_categories:
13070 if( ((value_p->mac_categories & aci.mac_min_categories) != aci.mac_min_categories)
13071 || ((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
13072 )
13073 err = -RSBAC_EINVALIDVALUE;
13074 else
13075 aci.mac_initial_categories = value_p->mac_categories;
13076 break;
13077 case A_mac_min_categories:
13078 if((value_p->mac_categories & aci.mac_categories) != value_p->mac_categories)
13079 err = -RSBAC_EINVALIDVALUE;
13080 else
13081 aci.mac_min_categories = value_p->mac_categories;
13082 break;
13083 case A_system_role:
13084 case A_mac_role:
13085 aci.system_role = value_p->system_role;
13086 break;
13087 case A_mac_user_flags:
13088 aci.mac_user_flags = value_p->mac_user_flags & RSBAC_MAC_U_FLAGS;
13089 break;
13090 default:
13091 err = -RSBAC_EINVALIDATTR;
13092 }
13093 if(!err)
13094 {
13095 err = rsbac_ta_list_add_ttl(ta_number,
13096 user_handles.mac,
13097 0,
13098 &tid_p->user,
13099 &aci);
13100 }
13101 }
13102 break;
13103 #endif
13104
13105 #if defined(CONFIG_RSBAC_PM)
13106 case PM:
13107 {
13108 struct rsbac_pm_user_aci_t aci = DEFAULT_PM_U_ACI;
13109
13110 rsbac_ta_list_get_data_ttl(ta_number,
13111 user_handles.pm,
13112 NULL,
13113 &tid_p->user,
13114 &aci);
13115 switch (attr)
13116 {
13117 case A_pm_task_set:
13118 aci.pm_task_set = value_p->pm_task_set;
13119 break;
13120 case A_pm_role:
13121 aci.pm_role = value_p->pm_role;
13122 break;
13123 default:
13124 err = -RSBAC_EINVALIDATTR;
13125 }
13126 if(!err)
13127 {
13128 err = rsbac_ta_list_add_ttl(ta_number,
13129 user_handles.pm,
13130 0,
13131 &tid_p->user,
13132 &aci);
13133 }
13134 }
13135 break;
13136 #endif
13137
13138 #if defined(CONFIG_RSBAC_DAZ)
13139 case DAZ:
13140 {
13141 rsbac_system_role_int_t role = value_p->system_role;
13142
13143 switch (attr)
13144 {
13145 case A_system_role:
13146 case A_daz_role:
13147 err = rsbac_ta_list_add_ttl(ta_number,
13148 user_handles.daz,
13149 0,
13150 &tid_p->user,
13151 &role);
13152 break;
13153 default:
13154 err = -RSBAC_EINVALIDATTR;
13155 }
13156 }
13157 break;
13158 #endif
13159
13160 #if defined(CONFIG_RSBAC_FF)
13161 case FF:
13162 {
13163 rsbac_system_role_int_t role = value_p->system_role;
13164
13165 switch (attr)
13166 {
13167 case A_system_role:
13168 case A_ff_role:
13169 err = rsbac_ta_list_add_ttl(ta_number,
13170 user_handles.ff,
13171 0,
13172 &tid_p->user,
13173 &role);
13174 break;
13175 default:
13176 err = -RSBAC_EINVALIDATTR;
13177 }
13178 }
13179 break;
13180 #endif
13181
13182 #if defined(CONFIG_RSBAC_RC)
13183 case RC:
13184 {
13185 struct rsbac_rc_user_aci_t aci = DEFAULT_RC_U_ACI;
13186
13187 rsbac_ta_list_get_data_ttl(ta_number,
13188 user_handles.rc,
13189 NULL,
13190 &tid_p->user,
13191 &aci);
13192 switch (attr)
13193 {
13194 case A_rc_def_role:
13195 aci.rc_role = value_p->rc_def_role;
13196 break;
13197 case A_rc_type:
13198 aci.rc_type = value_p->rc_type;
13199 break;
13200 default:
13201 err = -RSBAC_EINVALIDATTR;
13202 }
13203 if(!err)
13204 {
13205 err = rsbac_ta_list_add_ttl(ta_number,
13206 user_handles.rc,
13207 0,
13208 &tid_p->user,
13209 &aci);
13210 }
13211 }
13212 break;
13213 #endif
13214
13215 #if defined(CONFIG_RSBAC_AUTH)
13216 case AUTH:
13217 {
13218 rsbac_system_role_int_t role = value_p->system_role;
13219
13220 switch (attr)
13221 {
13222 case A_system_role:
13223 case A_auth_role:
13224 err = rsbac_ta_list_add_ttl(ta_number,
13225 user_handles.auth,
13226 0,
13227 &tid_p->user,
13228 &role);
13229 break;
13230 default:
13231 err = -RSBAC_EINVALIDATTR;
13232 }
13233 }
13234 break;
13235 #endif
13236
13237 #if defined(CONFIG_RSBAC_CAP)
13238 case CAP:
13239 {
13240 struct rsbac_cap_user_aci_t aci = DEFAULT_CAP_U_ACI;
13241
13242 rsbac_ta_list_get_data_ttl(ta_number,
13243 user_handles.cap,
13244 NULL,
13245 &tid_p->user,
13246 &aci);
13247 switch (attr)
13248 {
13249 case A_system_role:
13250 case A_cap_role:
13251 aci.cap_role = value_p->system_role;
13252 break;
13253 case A_min_caps:
13254 aci.min_caps = value_p->min_caps;
13255 break;
13256 case A_max_caps:
13257 aci.max_caps = value_p->max_caps;
13258 break;
13259 default:
13260 err = -RSBAC_EINVALIDATTR;
13261 }
13262 if(!err)
13263 {
13264 err = rsbac_ta_list_add_ttl(ta_number,
13265 user_handles.cap,
13266 0,
13267 &tid_p->user,
13268 &aci);
13269 }
13270 }
13271 break;
13272 #endif
13273
13274 #if defined(CONFIG_RSBAC_JAIL)
13275 case JAIL:
13276 {
13277 rsbac_system_role_int_t role = value_p->system_role;
13278
13279 switch (attr)
13280 {
13281 case A_system_role:
13282 case A_jail_role:
13283 err = rsbac_ta_list_add_ttl(ta_number,
13284 user_handles.jail,
13285 0,
13286 &tid_p->user,
13287 &role);
13288 break;
13289 default:
13290 err = -RSBAC_EINVALIDATTR;
13291 }
13292 }
13293 break;
13294 #endif
13295
13296 #if defined(CONFIG_RSBAC_RES)
13297 case RES:
13298 {
13299 struct rsbac_res_user_aci_t aci = DEFAULT_RES_U_ACI;
13300
13301 rsbac_ta_list_get_data_ttl(ta_number,
13302 user_handles.res,
13303 NULL,
13304 &tid_p->user,
13305 &aci);
13306 switch (attr)
13307 {
13308 case A_system_role:
13309 case A_res_role:
13310 aci.res_role = value_p->system_role;
13311 break;
13312 case A_res_min:
13313 memcpy(&aci.res_min, &value_p->res_array, sizeof(aci.res_min));
13314 break;
13315 case A_res_max:
13316 memcpy(&aci.res_max, &value_p->res_array, sizeof(aci.res_max));
13317 break;
13318 default:
13319 err = -RSBAC_EINVALIDATTR;
13320 }
13321 if(!err)
13322 {
13323 struct rsbac_res_user_aci_t def_aci = DEFAULT_RES_U_ACI;
13324
13325 if(tid_p->user != RSBAC_ALL_USERS)
13326 {
13327 rsbac_uid_t all_users = RSBAC_ALL_USERS;
13328
13329 rsbac_ta_list_get_data_ttl(ta_number,
13330 user_handles.res,
13331 NULL,
13332 &all_users,
13333 &def_aci);
13334 }
13335 if(memcmp(&aci, &def_aci, sizeof(aci)))
13336 err = rsbac_ta_list_add_ttl(ta_number,
13337 user_handles.res,
13338 0,
13339 &tid_p->user,
13340 &aci);
13341 else
13342 err = rsbac_ta_list_remove(ta_number,
13343 user_handles.res,
13344 &tid_p->user);
13345 }
13346 }
13347 break;
13348 #endif
13349
13350 #if defined(CONFIG_RSBAC_PAX)
13351 case PAX:
13352 {
13353 rsbac_system_role_int_t role = value_p->system_role;
13354
13355 switch (attr)
13356 {
13357 case A_system_role:
13358 case A_pax_role:
13359 err = rsbac_ta_list_add_ttl(ta_number,
13360 user_handles.pax,
13361 0,
13362 &tid_p->user,
13363 &role);
13364 break;
13365 default:
13366 err = -RSBAC_EINVALIDATTR;
13367 }
13368 }
13369 break;
13370 #endif
13371
13372 default:
13373 err = -RSBAC_EINVALIDMODULE;
13374 }
13375
13376 return err;
13377 }
13378
13379 static int set_attr_process(
13380 rsbac_list_ta_number_t ta_number,
13381 enum rsbac_switch_target_t module,
13382 enum rsbac_target_t target,
13383 union rsbac_target_id_t * tid_p,
13384 enum rsbac_attribute_t attr,
13385 union rsbac_attribute_value_t * value_p)
13386 {
13387 int err = 0;
13388
13389
13390
13391
13392
13393
13394
13395
13396 if (!tid_p->process)
13397 {
13398 rsbac_printk(KERN_WARNING
13399 "rsbac_set_attr(): Trying to set attribute for process 0!\n");
13400 return -RSBAC_EINVALIDTARGET;
13401 }
13402 switch(module)
13403 {
13404 case GEN:
13405 {
13406 struct rsbac_gen_process_aci_t aci = DEFAULT_GEN_P_ACI;
13407
13408 rsbac_ta_list_get_data_ttl(ta_number,
13409 process_handles.gen[gen_p_hash(tid_p->process)],
13410 NULL,
13411 &tid_p->process,
13412 &aci);
13413 switch (attr)
13414 {
13415 case A_log_program_based:
13416 aci.log_program_based = value_p->log_program_based;
13417 break;
13418 case A_fake_root_uid:
13419 aci.fake_root_uid = value_p->fake_root_uid;
13420 break;
13421 case A_audit_uid:
13422 aci.audit_uid = value_p->audit_uid;
13423 break;
13424 case A_auid_exempt:
13425 aci.auid_exempt = value_p->auid_exempt;
13426 break;
13427 case A_remote_ip:
13428 aci.remote_ip = value_p->remote_ip;
13429 break;
13430 case A_kernel_thread:
13431 aci.kernel_thread = value_p->kernel_thread;
13432 break;
13433 default:
13434 err = -RSBAC_EINVALIDATTR;
13435 }
13436 if(!err)
13437 {
13438 err = rsbac_ta_list_add_ttl(ta_number,
13439 process_handles.gen[gen_p_hash(tid_p->process)],
13440 0,
13441 &tid_p->process,
13442 &aci);
13443 }
13444 }
13445 break;
13446
13447 #if defined(CONFIG_RSBAC_MAC)
13448 case MAC:
13449 {
13450 struct rsbac_mac_process_aci_t aci = DEFAULT_MAC_P_ACI;
13451
13452 rsbac_ta_list_get_data_ttl(ta_number,
13453 process_handles.mac[mac_p_hash(tid_p->process)],
13454 NULL,
13455 &tid_p->process,
13456 &aci);
13457 switch (attr)
13458 {
13459 case A_security_level:
13460 aci.owner_sec_level = value_p->security_level;
13461 break;
13462 case A_initial_security_level:
13463 aci.owner_initial_sec_level = value_p->security_level;
13464 break;
13465 case A_min_security_level:
13466 aci.owner_min_sec_level = value_p->security_level;
13467 break;
13468 case A_mac_categories:
13469 aci.mac_owner_categories = value_p->mac_categories;
13470 break;
13471 case A_mac_initial_categories:
13472 aci.mac_owner_initial_categories = value_p->mac_categories;
13473 break;
13474 case A_mac_min_categories:
13475 aci.mac_owner_min_categories = value_p->mac_categories;
13476 break;
13477 case A_current_sec_level:
13478 aci.current_sec_level = value_p->current_sec_level;
13479 break;
13480 case A_mac_curr_categories:
13481 aci.mac_curr_categories = value_p->mac_categories;
13482 break;
13483 case A_min_write_open:
13484 aci.min_write_open = value_p->min_write_open;
13485 break;
13486 case A_min_write_categories:
13487 aci.min_write_categories = value_p->mac_categories;
13488 break;
13489 case A_max_read_open:
13490 aci.max_read_open = value_p->max_read_open;
13491 break;
13492 case A_max_read_categories:
13493 aci.max_read_categories = value_p->mac_categories;
13494 break;
13495 case A_mac_process_flags:
13496 aci.mac_process_flags = value_p->mac_process_flags & RSBAC_MAC_P_FLAGS;
13497 break;
13498 case A_mac_auto:
13499 if(value_p->mac_auto)
13500 aci.mac_process_flags |= MAC_auto;
13501 else
13502 aci.mac_process_flags &= ~MAC_auto;
13503 break;
13504 default:
13505 err = -RSBAC_EINVALIDATTR;
13506 }
13507 if(!err)
13508 {
13509 err = rsbac_ta_list_add_ttl(ta_number,
13510 process_handles.mac[mac_p_hash(tid_p->process)],
13511 0,
13512 &tid_p->process,
13513 &aci);
13514 }
13515 }
13516 break;
13517 #endif
13518
13519 #if defined(CONFIG_RSBAC_PM)
13520 case PM:
13521 {
13522 struct rsbac_pm_process_aci_t aci = DEFAULT_PM_P_ACI;
13523
13524 rsbac_ta_list_get_data_ttl(ta_number,
13525 process_handles.pm,
13526 NULL,
13527 &tid_p->process,
13528 &aci);
13529 switch (attr)
13530 {
13531 case A_pm_tp:
13532 aci.pm_tp = value_p->pm_tp;
13533 break;
13534 case A_pm_current_task:
13535 aci.pm_current_task = value_p->pm_current_task;
13536 break;
13537 case A_pm_process_type:
13538 aci.pm_process_type = value_p->pm_process_type;
13539 break;
13540 default:
13541 err = -RSBAC_EINVALIDATTR;
13542 }
13543 if(!err)
13544 {
13545 err = rsbac_ta_list_add_ttl(ta_number,
13546 process_handles.pm,
13547 0,
13548 &tid_p->process,
13549 &aci);
13550 }
13551 }
13552 break;
13553 #endif
13554
13555 #if defined(CONFIG_RSBAC_DAZ)
13556 case DAZ:
13557 {
13558 struct rsbac_daz_process_aci_t aci = DEFAULT_DAZ_P_ACI;
13559
13560 rsbac_ta_list_get_data_ttl(ta_number,
13561 process_handles.daz,
13562 NULL,
13563 &tid_p->process,
13564 &aci);
13565 switch (attr)
13566 {
13567 case A_daz_scanner:
13568 aci.daz_scanner = value_p->daz_scanner;
13569 break;
13570 default:
13571 err = -RSBAC_EINVALIDATTR;
13572 }
13573 if(!err)
13574 {
13575 err = rsbac_ta_list_add_ttl(ta_number,
13576 process_handles.daz,
13577 0,
13578 &tid_p->process,
13579 &aci);
13580 }
13581 }
13582 break;
13583 #endif
13584
13585 #if defined(CONFIG_RSBAC_RC)
13586 case RC:
13587 {
13588 struct rsbac_rc_process_aci_t aci = DEFAULT_RC_P_ACI;
13589
13590 rsbac_ta_list_get_data_ttl(ta_number,
13591 process_handles.rc[rc_p_hash(tid_p->process)],
13592 NULL,
13593 &tid_p->process,
13594 &aci);
13595 switch (attr)
13596 {
13597 case A_rc_role:
13598 aci.rc_role = value_p->rc_role;
13599 break;
13600 case A_rc_type:
13601 aci.rc_type = value_p->rc_type;
13602 break;
13603 case A_rc_force_role:
13604 aci.rc_force_role = value_p->rc_force_role;
13605 break;
13606 default:
13607 err = -RSBAC_EINVALIDATTR;
13608 }
13609 if(!err)
13610 {
13611 err = rsbac_ta_list_add_ttl(ta_number,
13612 process_handles.rc[rc_p_hash(tid_p->process)],
13613 0,
13614 &tid_p->process,
13615 &aci);
13616 }
13617 }
13618 break;
13619 #endif
13620
13621 #if defined(CONFIG_RSBAC_AUTH)
13622 case AUTH:
13623 {
13624 struct rsbac_auth_process_aci_t aci = DEFAULT_AUTH_P_ACI;
13625
13626 rsbac_ta_list_get_data_ttl(ta_number,
13627 process_handles.auth,
13628 NULL,
13629 &tid_p->process,
13630 &aci);
13631 switch (attr)
13632 {
13633 case A_auth_may_setuid:
13634 aci.auth_may_setuid = value_p->auth_may_setuid;
13635 break;
13636 case A_auth_may_set_cap:
13637 aci.auth_may_set_cap = value_p->auth_may_set_cap;
13638 break;
13639 #if defined(CONFIG_RSBAC_AUTH_LEARN)
13640 case A_auth_program_file:
13641 aci.auth_program_file = value_p->auth_program_file;
13642 break;
13643 case A_auth_start_uid:
13644 aci.auth_start_uid = value_p->auth_start_uid;
13645 break;
13646 #ifdef CONFIG_RSBAC_AUTH_DAC_OWNER
13647 case A_auth_start_euid:
13648 aci.auth_start_euid = value_p->auth_start_euid;
13649 break;
13650 #endif
13651 #ifdef CONFIG_RSBAC_AUTH_GROUP
13652 case A_auth_start_gid:
13653 aci.auth_start_gid = value_p->auth_start_gid;
13654 break;
13655 #ifdef CONFIG_RSBAC_AUTH_DAC_GROUP
13656 case A_auth_start_egid:
13657 aci.auth_start_egid = value_p->auth_start_egid;
13658 break;
13659 #endif
13660 #endif
13661 case A_auth_learn:
13662 aci.auth_learn = value_p->auth_learn;
13663 break;
13664 #endif
13665 case A_auth_last_auth:
13666 aci.auth_last_auth = value_p->auth_last_auth;
13667 break;
13668 default:
13669 err = -RSBAC_EINVALIDATTR;
13670 }
13671 if(!err)
13672 {
13673 err = rsbac_ta_list_add_ttl(ta_number,
13674 process_handles.auth,
13675 0,
13676 &tid_p->process,
13677 &aci);
13678 }
13679 }
13680 break;
13681 #endif
13682
13683 #if defined(CONFIG_RSBAC_CAP)
13684 case CAP:
13685 {
13686 struct rsbac_cap_process_aci_t aci = DEFAULT_CAP_P_ACI;
13687
13688 rsbac_ta_list_get_data_ttl(ta_number,
13689 process_handles.cap,
13690 NULL,
13691 &tid_p->process,
13692 &aci);
13693 switch (attr)
13694 {
13695 case A_cap_process_hiding:
13696 aci.cap_process_hiding = value_p->cap_process_hiding;
13697 break;
13698 #ifdef CONFIG_RSBAC_CAP_LOG_MISSING
13699 case A_max_caps_user:
13700 aci.max_caps_user = value_p->max_caps_user;
13701 break;
13702 case A_max_caps_program:
13703 aci.max_caps_program = value_p->max_caps_program;
13704 break;
13705 #endif
13706 default:
13707 err = -RSBAC_EINVALIDATTR;
13708 }
13709 if(!err)
13710 {
13711 err = rsbac_ta_list_add_ttl(ta_number,
13712 process_handles.cap,
13713 0,
13714 &tid_p->process,
13715 &aci);
13716 }
13717 }
13718 break;
13719 #endif
13720
13721 #if defined(CONFIG_RSBAC_JAIL)
13722 case JAIL:
13723 {
13724 struct rsbac_jail_process_aci_t aci = DEFAULT_JAIL_P_ACI;
13725
13726 rsbac_ta_list_get_data_ttl(ta_number,
13727 process_handles.jail[jail_p_hash(tid_p->process)],
13728 NULL,
13729 &tid_p->process,
13730 &aci);
13731 switch (attr)
13732 {
13733 case A_jail_id:
13734 aci.id = value_p->jail_id;
13735 break;
13736 case A_jail_ip:
13737 aci.ip = value_p->jail_ip;
13738 break;
13739 case A_jail_flags:
13740 aci.flags = value_p->jail_flags;
13741 break;
13742 case A_jail_max_caps:
13743 aci.max_caps = value_p->jail_max_caps;
13744 break;
13745 case A_jail_scd_get:
13746 aci.scd_get = value_p->jail_scd_get;
13747 break;
13748 case A_jail_scd_modify:
13749 aci.scd_modify = value_p->jail_scd_modify;
13750 break;
13751 default:
13752 err = -RSBAC_EINVALIDATTR;
13753 }
13754 if(!err)
13755 {
13756 err = rsbac_ta_list_add_ttl(ta_number,
13757 process_handles.jail[jail_p_hash(tid_p->process)],
13758 0,
13759 &tid_p->process,
13760 &aci);
13761 }
13762 }
13763 break;
13764 #endif
13765
13766 default:
13767 err = -RSBAC_EINVALIDMODULE;
13768 }
13769
13770 return err;
13771 }
13772
13773 #ifdef CONFIG_RSBAC_UM
13774 static int set_attr_group(
13775 rsbac_list_ta_number_t ta_number,
13776 enum rsbac_switch_target_t module,
13777 enum rsbac_target_t target,
13778 union rsbac_target_id_t * tid_p,
13779 enum rsbac_attribute_t attr,
13780 union rsbac_attribute_value_t * value_p)
13781 {
13782 int err = 0;
13783
13784
13785
13786
13787
13788
13789
13790
13791 switch(module)
13792 {
13793 #if defined(CONFIG_RSBAC_RC_UM_PROT)
13794 case RC:
13795 {
13796 rsbac_rc_type_id_t type = value_p->rc_type;
13797 rsbac_gid_t group_desc;
13798
13799 group_desc = tid_p->group;
13800
13801 switch (attr)
13802 {
13803 case A_rc_type:
13804 err = rsbac_ta_list_add_ttl(ta_number,
13805 group_handles.rc,
13806 0,
13807 &group_desc,
13808 &type);
13809 break;
13810 default:
13811 err = -RSBAC_EINVALIDATTR;
13812 }
13813 }
13814 break;
13815 #endif
13816
13817 default:
13818 err = -RSBAC_EINVALIDMODULE;
13819 }
13820
13821 return err;
13822 }
13823 #endif
13824
13825 #ifdef CONFIG_RSBAC_NET_DEV
13826 static int set_attr_netdev(
13827 rsbac_list_ta_number_t ta_number,
13828 enum rsbac_switch_target_t module,
13829 enum rsbac_target_t target,
13830 union rsbac_target_id_t * tid_p,
13831 enum rsbac_attribute_t attr,
13832 union rsbac_attribute_value_t * value_p)
13833 {
13834 int err = 0;
13835
13836
13837
13838
13839
13840
13841
13842
13843 switch(module)
13844 {
13845 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
13846 case GEN:
13847 {
13848 struct rsbac_gen_netdev_aci_t aci = DEFAULT_GEN_NETDEV_ACI;
13849
13850 rsbac_ta_list_get_data_ttl(ta_number,
13851 netdev_handles.gen,
13852 NULL,
13853 &tid_p->netdev,
13854 &aci);
13855 switch (attr)
13856 {
13857 case A_log_array_low:
13858 aci.log_array_low = value_p->log_array_low;
13859 break;
13860 case A_log_array_high:
13861 aci.log_array_high = value_p->log_array_high;
13862 break;
13863 default:
13864 err = -RSBAC_EINVALIDATTR;
13865 }
13866 if(!err)
13867 {
13868 err = rsbac_ta_list_add_ttl(ta_number,
13869 netdev_handles.gen,
13870 0,
13871 &tid_p->netdev,
13872 &aci);
13873 }
13874 }
13875 break;
13876 #endif
13877 #if defined(CONFIG_RSBAC_RC)
13878 case RC:
13879 {
13880 rsbac_rc_type_id_t type = value_p->rc_type;
13881
13882 switch (attr)
13883 {
13884 case A_rc_type:
13885 err = rsbac_ta_list_add_ttl(ta_number,
13886 netdev_handles.rc,
13887 0,
13888 &tid_p->netdev,
13889 &type);
13890 break;
13891 default:
13892 err = -RSBAC_EINVALIDATTR;
13893 }
13894 }
13895 break;
13896 #endif
13897
13898 default:
13899 err = -RSBAC_EINVALIDMODULE;
13900 }
13901
13902 return err;
13903 }
13904
13905 static int set_attr_nettemp(
13906 rsbac_list_ta_number_t ta_number,
13907 enum rsbac_switch_target_t module,
13908 enum rsbac_target_t target,
13909 union rsbac_target_id_t * tid_p,
13910 enum rsbac_attribute_t attr,
13911 union rsbac_attribute_value_t * value_p)
13912 {
13913 int err = 0;
13914
13915
13916
13917
13918
13919
13920
13921 if(!rsbac_list_exist(net_temp_handle, &tid_p->nettemp))
13922 return -RSBAC_EINVALIDTARGET;
13923 switch(module)
13924 {
13925 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
13926 case GEN:
13927 {
13928 struct rsbac_gen_netobj_aci_t aci = DEFAULT_GEN_NETOBJ_ACI;
13929
13930 rsbac_ta_list_get_data_ttl(ta_number,
13931 nettemp_handles.gen,
13932 NULL,
13933 &tid_p->nettemp,
13934 &aci);
13935 switch (attr)
13936 {
13937 case A_log_array_low:
13938 aci.log_array_low = value_p->log_array_low;
13939 break;
13940 case A_log_array_high:
13941 aci.log_array_high = value_p->log_array_high;
13942 break;
13943
13944 default:
13945 err = -RSBAC_EINVALIDATTR;
13946 }
13947 if(!err)
13948 {
13949 err = rsbac_ta_list_add_ttl(ta_number,
13950 nettemp_handles.gen,
13951 0,
13952 &tid_p->nettemp,
13953 &aci);
13954 }
13955 }
13956 break;
13957 #endif
13958 #if defined(CONFIG_RSBAC_MAC)
13959 case MAC:
13960 {
13961 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
13962
13963 rsbac_ta_list_get_data_ttl(ta_number,
13964 nettemp_handles.mac,
13965 NULL,
13966 &tid_p->nettemp,
13967 &aci);
13968 switch (attr)
13969 {
13970 case A_security_level:
13971 aci.sec_level = value_p->security_level;
13972 break;
13973 case A_mac_categories:
13974 aci.mac_categories = value_p->mac_categories;
13975 break;
13976
13977 default:
13978 err = -RSBAC_EINVALIDATTR;
13979 }
13980 if(!err)
13981 {
13982 err = rsbac_ta_list_add_ttl(ta_number,
13983 nettemp_handles.mac,
13984 0,
13985 &tid_p->nettemp,
13986 &aci);
13987 }
13988 }
13989 break;
13990 #endif
13991
13992 #if defined(CONFIG_RSBAC_PM)
13993 case PM:
13994 {
13995 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
13996
13997 rsbac_ta_list_get_data_ttl(ta_number,
13998 nettemp_handles.pm,
13999 NULL,
14000 &tid_p->nettemp,
14001 &aci);
14002 switch (attr)
14003 {
14004 case A_pm_object_class:
14005 aci.pm_object_class = value_p->pm_object_class;
14006 break;
14007 case A_pm_ipc_purpose:
14008 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
14009 break;
14010 case A_pm_object_type:
14011 aci.pm_object_type = value_p->pm_object_type;
14012 break;
14013 default:
14014 err = -RSBAC_EINVALIDATTR;
14015 }
14016 if(!err)
14017 {
14018 err = rsbac_ta_list_add_ttl(ta_number,
14019 nettemp_handles.pm,
14020 0,
14021 &tid_p->nettemp,
14022 &aci);
14023 }
14024 }
14025 break;
14026 #endif
14027
14028 #if defined(CONFIG_RSBAC_RC)
14029 case RC:
14030 {
14031 struct rsbac_rc_nettemp_aci_t aci = DEFAULT_RC_NETTEMP_ACI;
14032
14033 rsbac_ta_list_get_data_ttl(ta_number,
14034 nettemp_handles.rc,
14035 NULL,
14036 &tid_p->nettemp,
14037 &aci);
14038 switch (attr)
14039 {
14040 case A_rc_type:
14041 aci.netobj_type = value_p->rc_type;
14042 break;
14043 case A_rc_type_nt:
14044 aci.nettemp_type = value_p->rc_type;
14045 break;
14046
14047 default:
14048 err = -RSBAC_EINVALIDATTR;
14049 }
14050 if(!err)
14051 {
14052 err = rsbac_ta_list_add_ttl(ta_number,
14053 nettemp_handles.rc,
14054 0,
14055 &tid_p->nettemp,
14056 &aci);
14057 }
14058 }
14059 break;
14060 #endif
14061
14062 default:
14063 err = -RSBAC_EINVALIDMODULE;
14064 }
14065
14066 return err;
14067 }
14068
14069 static int set_attr_netobj(
14070 rsbac_list_ta_number_t ta_number,
14071 enum rsbac_switch_target_t module,
14072 enum rsbac_target_t target,
14073 union rsbac_target_id_t * tid_p,
14074 enum rsbac_attribute_t attr,
14075 union rsbac_attribute_value_t * value_p)
14076 {
14077 int err = 0;
14078
14079
14080
14081
14082
14083
14084
14085 switch(module)
14086 {
14087 #if defined(CONFIG_RSBAC_MAC)
14088 case MAC:
14089 {
14090 struct rsbac_mac_netobj_aci_t aci = DEFAULT_MAC_NETOBJ_ACI;
14091
14092 switch(attr)
14093 {
14094 case A_local_sec_level:
14095 case A_local_mac_categories:
14096 if(rsbac_ta_list_get_data_ttl(ta_number,
14097 lnetobj_handles.mac,
14098 NULL,
14099 &tid_p->netobj.sock_p,
14100 &aci))
14101 {
14102 rsbac_net_temp_id_t temp = 0;
14103
14104 rsbac_ta_net_lookup_templates(ta_number,
14105 &tid_p->netobj,
14106 &temp,
14107 NULL);
14108 if(temp)
14109 rsbac_ta_list_get_data_ttl(ta_number,
14110 nettemp_handles.mac,
14111 NULL,
14112 &temp,
14113 &aci);
14114 }
14115 break;
14116
14117 case A_remote_sec_level:
14118 case A_remote_mac_categories:
14119 if(rsbac_ta_list_get_data_ttl(ta_number,
14120 rnetobj_handles.mac,
14121 NULL,
14122 &tid_p->netobj.sock_p,
14123 &aci))
14124 {
14125 rsbac_net_temp_id_t temp = 0;
14126
14127 rsbac_ta_net_lookup_templates(ta_number,
14128 &tid_p->netobj,
14129 NULL,
14130 &temp);
14131 if(temp)
14132 rsbac_ta_list_get_data_ttl(ta_number,
14133 nettemp_handles.mac,
14134 NULL,
14135 &temp,
14136 &aci);
14137 }
14138 break;
14139
14140 default:
14141 err = -RSBAC_EINVALIDATTR;
14142 }
14143 if(err)
14144 break;
14145 {
14146 switch (attr)
14147 {
14148 case A_local_sec_level:
14149 aci.sec_level = value_p->security_level;
14150 err = rsbac_ta_list_add_ttl(ta_number,
14151 lnetobj_handles.mac,
14152 0,
14153 &tid_p->netobj.sock_p,
14154 &aci);
14155 break;
14156 case A_remote_sec_level:
14157 aci.sec_level = value_p->security_level;
14158 err = rsbac_ta_list_add_ttl(ta_number,
14159 rnetobj_handles.mac,
14160 0,
14161 &tid_p->netobj.sock_p,
14162 &aci);
14163 break;
14164 case A_local_mac_categories:
14165 aci.mac_categories = value_p->mac_categories;
14166 err = rsbac_ta_list_add_ttl(ta_number,
14167 lnetobj_handles.mac,
14168 0,
14169 &tid_p->netobj.sock_p,
14170 &aci);
14171 break;
14172 case A_remote_mac_categories:
14173 aci.mac_categories = value_p->mac_categories;
14174 err = rsbac_ta_list_add_ttl(ta_number,
14175 rnetobj_handles.mac,
14176 0,
14177 &tid_p->netobj.sock_p,
14178 &aci);
14179 break;
14180
14181 default:
14182 err = -RSBAC_EINVALIDATTR;
14183 }
14184 }
14185 }
14186 break;
14187 #endif
14188
14189 #if defined(CONFIG_RSBAC_PM)
14190 case PM:
14191 {
14192 struct rsbac_pm_netobj_aci_t aci = DEFAULT_PM_NETOBJ_ACI;
14193
14194 switch(attr)
14195 {
14196 case A_local_pm_object_class:
14197 case A_local_pm_ipc_purpose:
14198 case A_local_pm_object_type:
14199 if(rsbac_ta_list_get_data_ttl(ta_number,
14200 lnetobj_handles.pm,
14201 NULL,
14202 &tid_p->netobj.sock_p,
14203 &aci))
14204 {
14205 rsbac_net_temp_id_t temp = 0;
14206
14207 rsbac_ta_net_lookup_templates(ta_number,
14208 &tid_p->netobj,
14209 &temp,
14210 NULL);
14211 if(temp)
14212 rsbac_ta_list_get_data_ttl(ta_number,
14213 nettemp_handles.pm,
14214 NULL,
14215 &temp,
14216 &aci);
14217 }
14218 break;
14219
14220 case A_remote_pm_object_class:
14221 case A_remote_pm_ipc_purpose:
14222 case A_remote_pm_object_type:
14223 if(rsbac_ta_list_get_data_ttl(ta_number,
14224 rnetobj_handles.pm,
14225 NULL,
14226 &tid_p->netobj.sock_p,
14227 &aci))
14228 {
14229 rsbac_net_temp_id_t temp = 0;
14230
14231 rsbac_ta_net_lookup_templates(ta_number,
14232 &tid_p->netobj,
14233 NULL,
14234 &temp);
14235 if(temp)
14236 rsbac_ta_list_get_data_ttl(ta_number,
14237 nettemp_handles.pm,
14238 NULL,
14239 &temp,
14240 &aci);
14241 }
14242 break;
14243
14244 default:
14245 err = -RSBAC_EINVALIDATTR;
14246 }
14247 if(err)
14248 break;
14249 {
14250 switch (attr)
14251 {
14252 case A_local_pm_object_class:
14253 aci.pm_object_class = value_p->pm_object_class;
14254 err = rsbac_ta_list_add_ttl(ta_number,
14255 lnetobj_handles.pm,
14256 0,
14257 &tid_p->netobj.sock_p,
14258 &aci);
14259 break;
14260 case A_remote_pm_object_class:
14261 aci.pm_object_class = value_p->pm_object_class;
14262 err = rsbac_ta_list_add_ttl(ta_number,
14263 rnetobj_handles.pm,
14264 0,
14265 &tid_p->netobj.sock_p,
14266 &aci);
14267 break;
14268 case A_local_pm_ipc_purpose:
14269 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
14270 err = rsbac_ta_list_add_ttl(ta_number,
14271 lnetobj_handles.pm,
14272 0,
14273 &tid_p->netobj.sock_p,
14274 &aci);
14275 break;
14276 case A_remote_pm_ipc_purpose:
14277 aci.pm_ipc_purpose = value_p->pm_ipc_purpose;
14278 err = rsbac_ta_list_add_ttl(ta_number,
14279 rnetobj_handles.pm,
14280 0,
14281 &tid_p->netobj.sock_p,
14282 &aci);
14283 break;
14284 case A_local_pm_object_type:
14285 aci.pm_object_type = value_p->pm_object_type;
14286 err = rsbac_ta_list_add_ttl(ta_number,
14287 lnetobj_handles.pm,
14288 0,
14289 &tid_p->netobj.sock_p,
14290 &aci);
14291 break;
14292 case A_remote_pm_object_type:
14293 aci.pm_object_type = value_p->pm_object_type;
14294 err = rsbac_ta_list_add_ttl(ta_number,
14295 rnetobj_handles.pm,
14296 0,
14297 &tid_p->netobj.sock_p,
14298 &aci);
14299 break;
14300
14301 default:
14302 err = -RSBAC_EINVALIDATTR;
14303 }
14304 }
14305 }
14306 break;
14307 #endif
14308
14309 #if defined(CONFIG_RSBAC_RC)
14310 case RC:
14311 {
14312 rsbac_rc_type_id_t type = value_p->rc_type;
14313
14314 switch(attr)
14315 {
14316 case A_local_rc_type:
14317 err = rsbac_ta_list_add_ttl(ta_number,
14318 lnetobj_handles.rc,
14319 0,
14320 &tid_p->netobj.sock_p,
14321 &type);
14322 break;
14323
14324 case A_remote_rc_type:
14325 err = rsbac_ta_list_add_ttl(ta_number,
14326 rnetobj_handles.rc,
14327 0,
14328 &tid_p->netobj.sock_p,
14329 &type);
14330 break;
14331
14332 default:
14333 err = -RSBAC_EINVALIDATTR;
14334 }
14335 }
14336 break;
14337 #endif
14338
14339 default:
14340 err = -RSBAC_EINVALIDMODULE;
14341 }
14342
14343 return err;
14344 }
14345 #endif
14346
14347
14348 int rsbac_ta_set_attr(
14349 rsbac_list_ta_number_t ta_number,
14350 enum rsbac_switch_target_t module,
14351 enum rsbac_target_t target,
14352 union rsbac_target_id_t tid,
14353 enum rsbac_attribute_t attr,
14354 union rsbac_attribute_value_t value)
14355 {
14356 int err = 0;
14357
14358
14359
14360
14361
14362 if (!rsbac_initialized)
14363 {
14364 rsbac_printk(KERN_WARNING "rsbac_set_attr(): RSBAC not initialized\n");
14365 return(-RSBAC_ENOTINITIALIZED);
14366 }
14367 if (in_interrupt())
14368 {
14369 rsbac_printk(KERN_WARNING "rsbac_set_attr(): called from interrupt!\n");
14370 }
14371 switch (target)
14372 {
14373 case T_FILE:
14374 case T_DIR:
14375 case T_FIFO:
14376 case T_SYMLINK:
14377 err = set_attr_fd(ta_number, module, target, &tid, attr, &value);
14378 break;
14379
14380 case T_DEV:
14381 err = set_attr_dev(ta_number, module, target, tid.dev, attr, &value);
14382 break;
14383
14384 case T_IPC:
14385 err = set_attr_ipc(ta_number, module, target, &tid, attr, &value);
14386 break;
14387
14388 case T_USER:
14389 err = set_attr_user(ta_number, module, target, &tid, attr, &value);
14390 break;
14391
14392 case T_PROCESS:
14393 err = set_attr_process(ta_number, module, target, &tid, attr, &value);
14394 break;
14395
14396 #ifdef CONFIG_RSBAC_UM
14397 case T_GROUP:
14398 err = set_attr_group(ta_number, module, target, &tid, attr, &value);
14399 break;
14400 #endif
14401
14402 #ifdef CONFIG_RSBAC_NET_DEV
14403 case T_NETDEV:
14404 err = set_attr_netdev(ta_number, module, target, &tid, attr, &value);
14405 break;
14406 #endif
14407
14408 #ifdef CONFIG_RSBAC_NET_OBJ
14409 case T_NETTEMP:
14410 err = set_attr_nettemp(ta_number, module, target, &tid, attr, &value);
14411 break;
14412
14413 case T_NETOBJ:
14414 err = set_attr_netobj(ta_number, module, target, &tid, attr, &value);
14415 break;
14416 #endif
14417
14418
14419 default:
14420 return(-RSBAC_EINVALIDTARGET);
14421 }
14422 #ifdef CONFIG_RSBAC_XSTATS
14423 if(!err)
14424 set_attr_count[target]++;
14425 #endif
14426 return(err);
14427 }
14428
14429
14430
14431 int rsbac_ta_remove_target(
14432 rsbac_list_ta_number_t ta_number,
14433 enum rsbac_target_t target,
14434 union rsbac_target_id_t tid)
14435 {
14436 int error=0;
14437 struct rsbac_device_list_item_t * device_p;
14438 u_long dflags;
14439
14440 if (!rsbac_initialized)
14441 {
14442 rsbac_printk(KERN_WARNING "rsbac_remove_target(): RSBAC not initialized\n");
14443 return(-RSBAC_ENOTINITIALIZED);
14444 }
14445 if (in_interrupt())
14446 {
14447 rsbac_printk(KERN_WARNING "rsbac_remove_target(): called from interrupt!\n");
14448 }
14449 switch (target)
14450 {
14451 case T_FILE:
14452 case T_DIR:
14453 case T_FIFO:
14454 case T_SYMLINK:
14455
14456
14457
14458
14459
14460
14461
14462 #if defined(CONFIG_RSBAC_MAC)
14463
14464 if( (target == T_FILE)
14465 || (target == T_DIR)
14466 )
14467 error = rsbac_mac_remove_f_trusets(tid.file);
14468 #endif
14469 #if defined(CONFIG_RSBAC_AUTH)
14470
14471 if( (target == T_FILE)
14472 || (target == T_DIR)
14473 )
14474 error = rsbac_auth_remove_f_capsets(tid.file);
14475 #endif
14476 #if defined(CONFIG_RSBAC_ACL)
14477
14478 error = rsbac_acl_remove_acl(ta_number, target, tid);
14479 #endif
14480
14481 rsbac_read_lock(&device_list_head.lock, &dflags);
14482
14483
14484
14485 device_p = lookup_device(tid.file.device);
14486 if (!device_p)
14487 {
14488 struct super_block * sb_p;
14489
14490 rsbac_read_unlock(&device_list_head.lock, &dflags);
14491 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
14492 sb_p = user_get_super(tid.file.device);
14493 #else
14494 sb_p = get_super(tid.file.device);
14495 #endif
14496 if(sb_p)
14497 {
14498 rsbac_printk(KERN_INFO
14499 "rsbac_remove_target(): auto-mounting device %02u:%02u\n",
14500 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14501 rsbac_mount(sb_p, NULL);
14502
14503 drop_super(sb_p);
14504 rsbac_read_lock(&device_list_head.lock, &dflags);
14505 device_p = lookup_device(tid.file.device);
14506 if (!device_p)
14507 {
14508 rsbac_printk(KERN_WARNING
14509 "rsbac_remove_target(): unknown device %02u:%02u\n",
14510 RSBAC_MAJOR(tid.file.device), RSBAC_MINOR(tid.file.device));
14511 rsbac_read_unlock(&device_list_head.lock, &dflags);
14512 return -RSBAC_EINVALIDDEV;
14513 }
14514 }
14515 else
14516 return -RSBAC_EINVALIDDEV;
14517 }
14518 rsbac_ta_list_remove(ta_number,
14519 device_p->handles.gen[gen_fd_hash(tid.file.inode)],
14520 &tid.file.inode);
14521 #if defined(CONFIG_RSBAC_MAC)
14522 rsbac_ta_list_remove(ta_number,
14523 device_p->handles.mac[mac_fd_hash(tid.file.inode)],
14524 &tid.file.inode);
14525 #endif
14526 #if defined(CONFIG_RSBAC_PM)
14527 rsbac_ta_list_remove(ta_number,
14528 device_p->handles.pm[pm_fd_hash(tid.file.inode)],
14529 &tid.file.inode);
14530 #endif
14531 #if defined(CONFIG_RSBAC_DAZ)
14532 rsbac_ta_list_remove(ta_number,
14533 device_p->handles.daz[daz_fd_hash(tid.file.inode)],
14534 &tid.file.inode);
14535 #if defined(CONFIG_RSBAC_DAZ_CACHE)
14536 rsbac_ta_list_remove(ta_number,
14537 device_p->handles.dazs[daz_scanned_fd_hash(tid.file.inode)],
14538 &tid.file.inode);
14539 #endif
14540 #endif
14541 #if defined(CONFIG_RSBAC_FF)
14542 rsbac_ta_list_remove(ta_number,
14543 device_p->handles.ff[ff_fd_hash(tid.file.inode)],
14544 &tid.file.inode);
14545 #endif
14546 #if defined(CONFIG_RSBAC_RC)
14547 rsbac_ta_list_remove(ta_number,
14548 device_p->handles.rc[rc_fd_hash(tid.file.inode)],
14549 &tid.file.inode);
14550 #endif
14551 #if defined(CONFIG_RSBAC_AUTH)
14552 rsbac_ta_list_remove(ta_number,
14553 device_p->handles.auth[auth_fd_hash(tid.file.inode)],
14554 &tid.file.inode);
14555 #endif
14556 #if defined(CONFIG_RSBAC_CAP)
14557 rsbac_ta_list_remove(ta_number,
14558 device_p->handles.cap[cap_fd_hash(tid.file.inode)],
14559 &tid.file.inode);
14560 #endif
14561 #if defined(CONFIG_RSBAC_PAX)
14562 rsbac_ta_list_remove(ta_number,
14563 device_p->handles.pax[pax_fd_hash(tid.file.inode)],
14564 &tid.file.inode);
14565 #endif
14566 #if defined(CONFIG_RSBAC_RES)
14567 rsbac_ta_list_remove(ta_number,
14568 device_p->handles.res[res_fd_hash(tid.file.inode)],
14569 &tid.file.inode);
14570 #endif
14571
14572
14573 rsbac_read_unlock(&device_list_head.lock, &dflags);
14574 break;
14575
14576 case T_DEV:
14577 {
14578 if(tid.dev.type > D_char)
14579 return -RSBAC_EINVALIDTARGET;
14580
14581
14582
14583
14584
14585
14586 rsbac_ta_list_remove(ta_number,
14587 dev_handles.gen,
14588 &tid.dev);
14589 #if defined(CONFIG_RSBAC_MAC)
14590 rsbac_ta_list_remove(ta_number,
14591 dev_handles.mac,
14592 &tid.dev);
14593 #endif
14594 #if defined(CONFIG_RSBAC_PM)
14595 rsbac_ta_list_remove(ta_number,
14596 dev_handles.pm,
14597 &tid.dev);
14598 #endif
14599 #if defined(CONFIG_RSBAC_RC)
14600 rsbac_ta_list_remove(ta_number,
14601 dev_handles.rc,
14602 &tid.dev);
14603 #endif
14604 }
14605 break;
14606
14607 case T_IPC:
14608
14609
14610
14611
14612
14613
14614
14615 #if defined(CONFIG_RSBAC_MAC)
14616 rsbac_ta_list_remove(ta_number,
14617 ipc_handles.mac,
14618 &tid.ipc);
14619 #endif
14620 #if defined(CONFIG_RSBAC_PM)
14621 rsbac_ta_list_remove(ta_number,
14622 ipc_handles.pm,
14623 &tid.ipc);
14624 #endif
14625 #if defined(CONFIG_RSBAC_RC)
14626 rsbac_ta_list_remove(ta_number,
14627 ipc_handles.rc,
14628 &tid.ipc);
14629 #endif
14630 #if defined(CONFIG_RSBAC_JAIL)
14631 rsbac_ta_list_remove(ta_number,
14632 ipc_handles.jail,
14633 &tid.ipc);
14634 #endif
14635 break;
14636
14637 case T_USER:
14638
14639
14640
14641
14642
14643
14644 rsbac_ta_list_remove(ta_number,
14645 user_handles.gen,
14646 &tid.user);
14647 #if defined(CONFIG_RSBAC_MAC)
14648 rsbac_ta_list_remove(ta_number,
14649 user_handles.mac,
14650 &tid.user);
14651 #endif
14652 #if defined(CONFIG_RSBAC_PM)
14653 rsbac_ta_list_remove(ta_number,
14654 user_handles.pm,
14655 &tid.user);
14656 #endif
14657 #if defined(CONFIG_RSBAC_DAZ)
14658 rsbac_ta_list_remove(ta_number,
14659 user_handles.daz,
14660 &tid.user);
14661 #endif
14662 #if defined(CONFIG_RSBAC_FF)
14663 rsbac_ta_list_remove(ta_number,
14664 user_handles.ff,
14665 &tid.user);
14666 #endif
14667 #if defined(CONFIG_RSBAC_RC)
14668 rsbac_ta_list_remove(ta_number,
14669 user_handles.rc,
14670 &tid.user);
14671 #endif
14672 #if defined(CONFIG_RSBAC_AUTH)
14673 rsbac_ta_list_remove(ta_number,
14674 user_handles.auth,
14675 &tid.user);
14676 #endif
14677 #if defined(CONFIG_RSBAC_CAP)
14678 rsbac_ta_list_remove(ta_number,
14679 user_handles.cap,
14680 &tid.user);
14681 #endif
14682 #if defined(CONFIG_RSBAC_JAIL)
14683 rsbac_ta_list_remove(ta_number,
14684 user_handles.jail,
14685 &tid.user);
14686 #endif
14687 #if defined(CONFIG_RSBAC_PAX)
14688 rsbac_ta_list_remove(ta_number,
14689 user_handles.pax,
14690 &tid.user);
14691 #endif
14692 #if defined(CONFIG_RSBAC_RES)
14693 rsbac_ta_list_remove(ta_number,
14694 user_handles.res,
14695 &tid.user);
14696 #endif
14697 break;
14698
14699 case T_PROCESS:
14700
14701
14702
14703
14704
14705
14706
14707 #if defined(CONFIG_RSBAC_ACL)
14708
14709 error = rsbac_acl_remove_acl(ta_number, target, tid);
14710 #endif
14711 rsbac_ta_list_remove(ta_number,
14712 process_handles.gen[gen_p_hash(tid.process)],
14713 &tid.process);
14714 #if defined(CONFIG_RSBAC_MAC)
14715
14716 error = rsbac_mac_remove_p_trusets(tid.process);
14717 rsbac_ta_list_remove(ta_number,
14718 process_handles.mac[mac_p_hash(tid.process)],
14719 &tid.process);
14720 #endif
14721 #if defined(CONFIG_RSBAC_PM)
14722 rsbac_ta_list_remove(ta_number,
14723 process_handles.pm,
14724 &tid.process);
14725 #endif
14726 #if defined(CONFIG_RSBAC_DAZ)
14727 rsbac_ta_list_remove(ta_number,
14728 process_handles.daz,
14729 &tid.process);
14730 #endif
14731 #if defined(CONFIG_RSBAC_RC)
14732 rsbac_ta_list_remove(ta_number,
14733 process_handles.rc[rc_p_hash(tid.process)],
14734 &tid.process);
14735 #endif
14736 #if defined(CONFIG_RSBAC_AUTH)
14737
14738 error = rsbac_auth_remove_p_capsets(tid.process);
14739 rsbac_ta_list_remove(ta_number,
14740 process_handles.auth,
14741 &tid.process);
14742 #endif
14743 #if defined(CONFIG_RSBAC_CAP)
14744 rsbac_ta_list_remove(ta_number,
14745 process_handles.cap,
14746 &tid.process);
14747 #endif
14748 #if defined(CONFIG_RSBAC_JAIL)
14749 rsbac_ta_list_remove(ta_number,
14750 process_handles.jail[jail_p_hash(tid.process)],
14751 &tid.process);
14752 #endif
14753 break;
14754
14755 #ifdef CONFIG_RSBAC_UM
14756 case T_GROUP:
14757
14758
14759
14760
14761
14762
14763
14764 #if defined(CONFIG_RSBAC_RC_UM_PROT)
14765 rsbac_ta_list_remove(ta_number,
14766 group_handles.rc,
14767 &tid.group);
14768 #endif
14769 break;
14770 #endif
14771
14772 #ifdef CONFIG_RSBAC_NET_DEV
14773 case T_NETDEV:
14774 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
14775 rsbac_ta_list_remove(ta_number,
14776 netdev_handles.gen,
14777 &tid.netdev);
14778 #endif
14779 #if defined(CONFIG_RSBAC_RC)
14780 rsbac_ta_list_remove(ta_number,
14781 netdev_handles.rc,
14782 &tid.netdev);
14783 #endif
14784 break;
14785 #endif
14786
14787 #ifdef CONFIG_RSBAC_NET_OBJ
14788 case T_NETTEMP:
14789
14790
14791
14792
14793
14794
14795
14796 #if defined(CONFIG_RSBAC_IND_NETOBJ_LOG)
14797 rsbac_ta_list_remove(ta_number,
14798 nettemp_handles.gen,
14799 &tid.nettemp);
14800 #endif
14801 #if defined(CONFIG_RSBAC_MAC)
14802 rsbac_ta_list_remove(ta_number,
14803 nettemp_handles.mac,
14804 &tid.nettemp);
14805 #endif
14806 #if defined(CONFIG_RSBAC_PM)
14807 rsbac_ta_list_remove(ta_number,
14808 nettemp_handles.pm,
14809 &tid.nettemp);
14810 #endif
14811 #if defined(CONFIG_RSBAC_RC)
14812 rsbac_ta_list_remove(ta_number,
14813 nettemp_handles.rc,
14814 &tid.nettemp);
14815 #endif
14816 #if defined(CONFIG_RSBAC_ACL_NET_OBJ_PROT)
14817 rsbac_acl_remove_acl(ta_number, T_NETTEMP_NT, tid);
14818 rsbac_acl_remove_acl(ta_number, T_NETTEMP, tid);
14819 #endif
14820 break;
14821
14822 case T_NETOBJ:
14823
14824
14825
14826
14827
14828
14829
14830 #if defined(CONFIG_RSBAC_MAC)
14831 rsbac_ta_list_remove(ta_number,
14832 lnetobj_handles.mac,
14833 &tid.netobj.sock_p);
14834 rsbac_ta_list_remove(ta_number,
14835 rnetobj_handles.mac,
14836 &tid.netobj.sock_p);
14837 #endif
14838 #if defined(CONFIG_RSBAC_PM)
14839 rsbac_ta_list_remove(ta_number,
14840 lnetobj_handles.pm,
14841 &tid.netobj.sock_p);
14842 rsbac_ta_list_remove(ta_number,
14843 rnetobj_handles.pm,
14844 &tid.netobj.sock_p);
14845 #endif
14846 #if defined(CONFIG_RSBAC_RC)
14847 rsbac_ta_list_remove(ta_number,
14848 lnetobj_handles.rc,
14849 &tid.netobj.sock_p);
14850 rsbac_ta_list_remove(ta_number,
14851 rnetobj_handles.rc,
14852 &tid.netobj.sock_p);
14853 #endif
14854 break;
14855
14856 #endif
14857
14858 default:
14859 return(-RSBAC_EINVALIDTARGET);
14860 }
14861 #ifdef CONFIG_RSBAC_XSTATS
14862 remove_count[target]++;
14863 #endif
14864 return(error);
14865 }
14866
14867 int rsbac_ta_list_all_dev(rsbac_list_ta_number_t ta_number, struct rsbac_dev_desc_t ** id_pp)
14868 {
14869 int count=0;
14870 int tmp_count;
14871
14872 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.gen);
14873 if(tmp_count > 0)
14874 count += tmp_count;
14875 #if defined(CONFIG_RSBAC_MAC)
14876 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.mac);
14877 if(tmp_count > 0)
14878 count += tmp_count;
14879 #endif
14880 #if defined(CONFIG_RSBAC_PM)
14881 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.pm);
14882 if(tmp_count > 0)
14883 count += tmp_count;
14884 #endif
14885 #if defined(CONFIG_RSBAC_RC)
14886 tmp_count = rsbac_ta_list_count(ta_number, dev_major_handles.rc);
14887 if(tmp_count > 0)
14888 count += tmp_count;
14889 tmp_count = rsbac_ta_list_count(ta_number, dev_handles.rc);
14890 if(tmp_count > 0)
14891 count += tmp_count;
14892 #endif
14893 if(id_pp)
14894 {
14895 struct rsbac_dev_desc_t * i_id_p = NULL;
14896 char * pos = NULL;
14897 #if defined(CONFIG_RSBAC_MAC) || defined(CONFIG_RSBAC_PM) || defined(CONFIG_RSBAC_RC)
14898 u_int i;
14899 #endif
14900
14901 if(count > 0)
14902 {
14903 int i_count = 0;
14904
14905 i_count = count + 20;
14906 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
14907 if(!*id_pp)
14908 return -RSBAC_ENOMEM;
14909 pos = (char *) *id_pp;
14910 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
14911 dev_handles.gen,
14912 (void **) &i_id_p);
14913 if(tmp_count > 0)
14914 {
14915 if(tmp_count > i_count)
14916 tmp_count = i_count;
14917 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
14918 rsbac_vfree(i_id_p);
14919 count = tmp_count;
14920 i_count -= tmp_count;
14921 pos += tmp_count * sizeof(*i_id_p);
14922 }
14923 else
14924 count = 0;
14925 #if defined(CONFIG_RSBAC_MAC)
14926 if(i_count)
14927 {
14928 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.mac, (void **) &i_id_p);
14929 if(tmp_count > 0)
14930 {
14931 if(tmp_count > i_count)
14932 tmp_count = i_count;
14933 for(i=0; i< tmp_count; i++)
14934 {
14935 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14936 {
14937 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14938 pos += sizeof(*i_id_p);
14939 count++;
14940 i_count--;
14941 }
14942 }
14943 rsbac_vfree(i_id_p);
14944 }
14945 }
14946 #endif
14947 #if defined(CONFIG_RSBAC_PM)
14948 if(i_count)
14949 {
14950 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.pm, (void **) &i_id_p);
14951 if(tmp_count > 0)
14952 {
14953 if(tmp_count > i_count)
14954 tmp_count = i_count;
14955 for(i=0; i< tmp_count; i++)
14956 {
14957 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
14958 #if defined(CONFIG_RSBAC_MAC)
14959 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
14960 #endif
14961 {
14962 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14963 pos += sizeof(*i_id_p);
14964 count++;
14965 i_count--;
14966 }
14967 }
14968 rsbac_vfree(i_id_p);
14969 }
14970 }
14971 #endif
14972 #if defined(CONFIG_RSBAC_RC)
14973 if(i_count)
14974 {
14975 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_major_handles.rc, (void **) &i_id_p);
14976 if(tmp_count > 0)
14977 {
14978 if(tmp_count > i_count)
14979 tmp_count = i_count;
14980 for(i=0; i< tmp_count; i++)
14981 {
14982 i_id_p[i].type += (D_block_major - D_block);
14983 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
14984 pos += sizeof(*i_id_p);
14985 count++;
14986 i_count--;
14987 }
14988 rsbac_vfree(i_id_p);
14989 }
14990 }
14991 if(i_count)
14992 {
14993 tmp_count = rsbac_ta_list_get_all_desc(ta_number, dev_handles.rc, (void **) &i_id_p);
14994 if(tmp_count > 0)
14995 {
14996 if(tmp_count > i_count)
14997 tmp_count = i_count;
14998 for(i=0; i< tmp_count; i++)
14999 {
15000 if(!rsbac_ta_list_exist(ta_number, dev_handles.gen, &i_id_p[i]))
15001 #if defined(CONFIG_RSBAC_MAC)
15002 if(!rsbac_ta_list_exist(ta_number, dev_handles.mac, &i_id_p[i]))
15003 #endif
15004 #if defined(CONFIG_RSBAC_PM)
15005 if(!rsbac_ta_list_exist(ta_number, dev_handles.pm, &i_id_p[i]))
15006 #endif
15007 {
15008 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
15009 pos += sizeof(*i_id_p);
15010 count++;
15011 i_count--;
15012 }
15013 }
15014 rsbac_vfree(i_id_p);
15015 }
15016 }
15017 #endif
15018 if(!count)
15019 rsbac_vfree(*id_pp);
15020 }
15021 }
15022 return count;
15023 }
15024
15025
15026 static int copy_new_uids(rsbac_list_handle_t list,
15027 rsbac_list_ta_number_t ta_number,
15028 int * count_p,
15029 int * i_count_p,
15030 rsbac_uid_t * res_id_p)
15031 {
15032 rsbac_uid_t * i_id_p = NULL;
15033 rsbac_boolean_t found;
15034 int tmp_count;
15035 int i;
15036 int j;
15037
15038 if(!list || !count_p || !i_count_p || !res_id_p)
15039 return -RSBAC_EINVALIDPOINTER;
15040 if(!*i_count_p)
15041 return 0;
15042
15043
15044 tmp_count = rsbac_ta_list_get_all_desc(ta_number, list, (void **) &i_id_p);
15045 if(tmp_count > 0)
15046 {
15047 if(tmp_count > *i_count_p)
15048 tmp_count = *i_count_p;
15049 for(i=0; i < tmp_count; i++)
15050 {
15051 found = FALSE;
15052 for(j=0; j < *count_p; j++)
15053 {
15054 if(res_id_p[j] == i_id_p[i])
15055 {
15056 found = TRUE;
15057 break;
15058 }
15059 }
15060 if(found == FALSE)
15061 {
15062 res_id_p[*count_p] = i_id_p[i];
15063 (*count_p)++;
15064 (*i_count_p)--;
15065 }
15066 }
15067 rsbac_vfree(i_id_p);
15068 }
15069 return 0;
15070 }
15071
15072 int rsbac_ta_list_all_user(rsbac_list_ta_number_t ta_number, rsbac_uid_t ** id_pp)
15073 {
15074 int count=0;
15075 int tmp_count;
15076
15077 tmp_count = rsbac_ta_list_count(ta_number, user_handles.gen);
15078 if(tmp_count > 0)
15079 count += tmp_count;
15080 #if defined(CONFIG_RSBAC_MAC)
15081 tmp_count = rsbac_ta_list_count(ta_number, user_handles.mac);
15082 if(tmp_count > 0)
15083 count += tmp_count;
15084 #endif
15085 #if defined(CONFIG_RSBAC_PM)
15086 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pm);
15087 if(tmp_count > 0)
15088 count += tmp_count;
15089 #endif
15090 #if defined(CONFIG_RSBAC_DAZ)
15091 tmp_count = rsbac_ta_list_count(ta_number, user_handles.daz);
15092 if(tmp_count > 0)
15093 count += tmp_count;
15094 #endif
15095 #if defined(CONFIG_RSBAC_FF)
15096 tmp_count = rsbac_ta_list_count(ta_number, user_handles.ff);
15097 if(tmp_count > 0)
15098 count += tmp_count;
15099 #endif
15100 #if defined(CONFIG_RSBAC_RC)
15101 tmp_count = rsbac_ta_list_count(ta_number, user_handles.rc);
15102 if(tmp_count > 0)
15103 count += tmp_count;
15104 #endif
15105 #if defined(CONFIG_RSBAC_AUTH)
15106 tmp_count = rsbac_ta_list_count(ta_number, user_handles.auth);
15107 if(tmp_count > 0)
15108 count += tmp_count;
15109 #endif
15110 #if defined(CONFIG_RSBAC_CAP)
15111 tmp_count = rsbac_ta_list_count(ta_number, user_handles.cap);
15112 if(tmp_count > 0)
15113 count += tmp_count;
15114 #endif
15115 #if defined(CONFIG_RSBAC_JAIL)
15116 tmp_count = rsbac_ta_list_count(ta_number, user_handles.jail);
15117 if(tmp_count > 0)
15118 count += tmp_count;
15119 #endif
15120 #if defined(CONFIG_RSBAC_PAX)
15121 tmp_count = rsbac_ta_list_count(ta_number, user_handles.pax);
15122 if(tmp_count > 0)
15123 count += tmp_count;
15124 #endif
15125 #if defined(CONFIG_RSBAC_RES)
15126 tmp_count = rsbac_ta_list_count(ta_number, user_handles.res);
15127 if(tmp_count > 0)
15128 count += tmp_count;
15129 #endif
15130 if(id_pp)
15131 {
15132 if(count > 0)
15133 {
15134 int i_count;
15135 rsbac_uid_t * i_id_p = NULL;
15136
15137 i_count = count + 20;
15138 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15139 if(!*id_pp)
15140 return -RSBAC_ENOMEM;
15141 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15142 user_handles.gen,
15143 (void **) &i_id_p);
15144 if(tmp_count > 0)
15145 {
15146 if(tmp_count > i_count)
15147 tmp_count = i_count;
15148 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15149 rsbac_vfree(i_id_p);
15150 count = tmp_count;
15151 i_count -= tmp_count;
15152 }
15153 else
15154 count = 0;
15155 #if defined(CONFIG_RSBAC_MAC)
15156 copy_new_uids(user_handles.mac, ta_number, &count, &i_count, *id_pp);
15157 #endif
15158 #if defined(CONFIG_RSBAC_PM)
15159 copy_new_uids(user_handles.pm, ta_number, &count, &i_count, *id_pp);
15160 #endif
15161 #if defined(CONFIG_RSBAC_DAZ)
15162 copy_new_uids(user_handles.daz, ta_number, &count, &i_count, *id_pp);
15163 #endif
15164 #if defined(CONFIG_RSBAC_FF)
15165 copy_new_uids(user_handles.ff, ta_number, &count, &i_count, *id_pp);
15166 #endif
15167 #if defined(CONFIG_RSBAC_RC)
15168 copy_new_uids(user_handles.rc, ta_number, &count, &i_count, *id_pp);
15169 #endif
15170 #if defined(CONFIG_RSBAC_AUTH)
15171 copy_new_uids(user_handles.auth, ta_number, &count, &i_count, *id_pp);
15172 #endif
15173 #if defined(CONFIG_RSBAC_CAP)
15174 copy_new_uids(user_handles.cap, ta_number, &count, &i_count, *id_pp);
15175 #endif
15176 #if defined(CONFIG_RSBAC_JAIL)
15177 copy_new_uids(user_handles.jail, ta_number, &count, &i_count, *id_pp);
15178 #endif
15179 #if defined(CONFIG_RSBAC_PAX)
15180 copy_new_uids(user_handles.pax, ta_number, &count, &i_count, *id_pp);
15181 #endif
15182 #if defined(CONFIG_RSBAC_RES)
15183 copy_new_uids(user_handles.res, ta_number, &count, &i_count, *id_pp);
15184 #endif
15185 if(!count)
15186 rsbac_vfree(*id_pp);
15187 }
15188 }
15189 return count;
15190 }
15191
15192 int rsbac_ta_list_all_group(rsbac_list_ta_number_t ta_number, rsbac_gid_t ** id_pp)
15193 {
15194 #if defined(CONFIG_RSBAC_RC_UM_PROT)
15195 int count=0;
15196 int tmp_count;
15197
15198 tmp_count = rsbac_ta_list_count(ta_number, group_handles.rc);
15199 if(tmp_count > 0)
15200 count += tmp_count;
15201 if(id_pp)
15202 {
15203 if(count > 0)
15204 {
15205 int i_count;
15206 rsbac_gid_t * i_id_p = NULL;
15207
15208 i_count = count + 20;
15209 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15210 if(!*id_pp)
15211 return -RSBAC_ENOMEM;
15212 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15213 group_handles.rc,
15214 (void **) &i_id_p);
15215 if(tmp_count > 0)
15216 {
15217 if(tmp_count > i_count)
15218 tmp_count = i_count;
15219 memcpy(*id_pp, i_id_p, tmp_count * sizeof(*i_id_p));
15220 rsbac_vfree(i_id_p);
15221 count = tmp_count;
15222 i_count -= tmp_count;
15223 }
15224 else
15225 count = 0;
15226 if(!count)
15227 rsbac_vfree(*id_pp);
15228 }
15229 }
15230 return count;
15231 #else
15232 return 0;
15233 #endif
15234 }
15235
15236
15237 #ifdef CONFIG_RSBAC_NET_DEV
15238 int rsbac_ta_net_list_all_netdev(rsbac_list_ta_number_t ta_number, rsbac_netdev_id_t ** id_pp)
15239 {
15240 int count=0;
15241 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
15242 int tmp_count;
15243 #endif
15244
15245 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15246 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.gen);
15247 if(tmp_count > 0)
15248 count += tmp_count;
15249 #endif
15250 #if defined(CONFIG_RSBAC_RC)
15251 tmp_count = rsbac_ta_list_count(ta_number, netdev_handles.rc);
15252 if(tmp_count > 0)
15253 count += tmp_count;
15254 #endif
15255 if(id_pp)
15256 {
15257 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG) || defined(CONFIG_RSBAC_RC)
15258 rsbac_netdev_id_t * i_id_p = NULL;
15259 #endif
15260 char * pos = NULL;
15261 #if defined(CONFIG_RSBAC_RC)
15262 u_int i;
15263 #endif
15264
15265 if(count > 0)
15266 {
15267 int i_count = 0;
15268
15269 i_count = count + 20;
15270 *id_pp = rsbac_vmalloc(i_count * sizeof(**id_pp));
15271 if(!*id_pp)
15272 return -RSBAC_ENOMEM;
15273 pos = (char *) *id_pp;
15274 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15275 tmp_count = rsbac_ta_list_get_all_desc(ta_number,
15276 netdev_handles.gen,
15277 (void **) &i_id_p);
15278 if(tmp_count > 0)
15279 {
15280 if(tmp_count > i_count)
15281 tmp_count = i_count;
15282 memcpy(pos, i_id_p, tmp_count * sizeof(*i_id_p));
15283 rsbac_vfree(i_id_p);
15284 count = tmp_count;
15285 i_count -= tmp_count;
15286 pos += tmp_count * sizeof(*i_id_p);
15287 }
15288 else
15289 count = 0;
15290 #endif
15291 #if defined(CONFIG_RSBAC_RC)
15292 if(i_count)
15293 {
15294 tmp_count = rsbac_ta_list_get_all_desc(ta_number, netdev_handles.rc, (void **) &i_id_p);
15295 if(tmp_count > 0)
15296 {
15297 if(tmp_count > i_count)
15298 tmp_count = i_count;
15299 for(i=0; i< tmp_count; i++)
15300 {
15301 #if defined(CONFIG_RSBAC_IND_NETDEV_LOG)
15302 if(!rsbac_ta_list_exist(ta_number, netdev_handles.gen, &i_id_p[i]))
15303 #endif
15304 {
15305 memcpy(pos, &i_id_p[i], sizeof(*i_id_p));
15306 pos += sizeof(*i_id_p);
15307 count++;
15308 i_count--;
15309 }
15310 }
15311 rsbac_vfree(i_id_p);
15312 }
15313 }
15314 #endif
15315 if(!count)
15316 rsbac_vfree(*id_pp);
15317 }
15318 }
15319 return count;
15320 }
15321 #endif
15322
15323 #ifdef CONFIG_RSBAC_NET_OBJ
15324
15325 int rsbac_net_get_id(
15326 rsbac_list_ta_number_t ta_number,
15327 struct rsbac_net_description_t * desc_p,
15328 rsbac_net_temp_id_t * id_p)
15329 {
15330 if(!rsbac_initialized)
15331 return -RSBAC_ENOTINITIALIZED;
15332 if(!id_p || !desc_p)
15333 return -RSBAC_EINVALIDPOINTER;
15334 if(rsbac_ta_list_get_desc(ta_number,
15335 net_temp_handle,
15336 id_p,
15337 desc_p,
15338 rsbac_net_compare_data)
15339 )
15340 *id_p = RSBAC_NET_UNKNOWN;
15341 return 0;
15342 }
15343
15344
15345
15346 int rsbac_ta_net_lookup_templates(
15347 rsbac_list_ta_number_t ta_number,
15348 struct rsbac_net_obj_desc_t * netobj_p,
15349 rsbac_net_temp_id_t * local_temp_p,
15350 rsbac_net_temp_id_t * remote_temp_p)
15351 {
15352 struct rsbac_net_description_t * rsbac_net_desc_p;
15353 int err=0;
15354 struct net_device *dev;
15355
15356 if(!netobj_p || !netobj_p->sock_p || !netobj_p->sock_p->sk || !netobj_p->sock_p->ops)
15357 return -RSBAC_EINVALIDPOINTER;
15358 if(!local_temp_p && !remote_temp_p)
15359 return -RSBAC_EINVALIDVALUE;
15360
15361 rsbac_net_desc_p = rsbac_kmalloc(sizeof(*rsbac_net_desc_p));
15362 if(!rsbac_net_desc_p)
15363 return -RSBAC_ENOMEM;
15364
15365 rsbac_net_desc_p->address_family = netobj_p->sock_p->ops->family;
15366 rsbac_net_desc_p->type = netobj_p->sock_p->type;
15367 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15368 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->sk_protocol;
15369 if(netobj_p->sock_p->sk->sk_bound_dev_if)
15370 {
15371 dev = dev_get_by_index(netobj_p->sock_p->sk->sk_bound_dev_if);
15372 #else
15373 rsbac_net_desc_p->protocol = netobj_p->sock_p->sk->protocol;
15374 if(netobj_p->sock_p->sk->bound_dev_if)
15375 {
15376 dev = dev_get_by_index(netobj_p->sock_p->sk->bound_dev_if);
15377 #endif
15378 if(dev)
15379 {
15380 strcpy(rsbac_net_desc_p->netdev, dev->name);
15381 dev_put(dev);
15382 }
15383 else
15384 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
15385 }
15386 else
15387 rsbac_net_desc_p->netdev[0] = RSBAC_NET_UNKNOWN;
15388 if(local_temp_p)
15389 {
15390 switch(rsbac_net_desc_p->address_family)
15391 {
15392 case AF_INET:
15393 if(netobj_p->local_addr)
15394 {
15395 struct sockaddr_in * addr = netobj_p->local_addr;
15396
15397 rsbac_net_desc_p->address = &addr->sin_addr.s_addr;
15398 rsbac_net_desc_p->address_len = sizeof(__u32);
15399 rsbac_net_desc_p->port = ntohs(addr->sin_port);
15400 }
15401 else
15402 {
15403 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15404 rsbac_net_desc_p->address = &inet_sk(netobj_p->sock_p->sk)->rcv_saddr;
15405 rsbac_net_desc_p->address_len = sizeof(__u32);
15406 rsbac_net_desc_p->port = inet_sk(netobj_p->sock_p->sk)->num;
15407 #else
15408 rsbac_net_desc_p->address = &netobj_p->sock_p->sk->rcv_saddr;
15409 rsbac_net_desc_p->address_len = sizeof(__u32);
15410 rsbac_net_desc_p->port = netobj_p->sock_p->sk->num;
15411 #endif
15412 }
15413 dev = ip_dev_find(*(__u32 *)rsbac_net_desc_p->address);
15414 if(dev)
15415 {
15416 strcpy(rsbac_net_desc_p->netdev, dev->name);
15417 dev_put(dev);
15418 }
15419 break;
15420 case AF_UNIX:
15421 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15422 if( unix_sk(netobj_p->sock_p->sk)->addr
15423 && unix_sk(netobj_p->sock_p->sk)->addr->name
15424 )
15425 {
15426 rsbac_net_desc_p->address = unix_sk(netobj_p->sock_p->sk)->addr->name[0].sun_path;
15427 rsbac_net_desc_p->address_len = unix_sk(netobj_p->sock_p->sk)->addr->len;
15428 }
15429 #else
15430 if(netobj_p->sock_p->sk->protinfo.af_unix.addr)
15431 {
15432 rsbac_net_desc_p->address = netobj_p->sock_p->sk->protinfo.af_unix.addr->name[0].sun_path;
15433 rsbac_net_desc_p->address_len = netobj_p->sock_p->sk->protinfo.af_unix.addr->len;
15434 }
15435 #endif
15436 else
15437 if(netobj_p->local_addr)
15438 {
15439 struct sockaddr_un * addr = netobj_p->local_addr;
15440
15441 if(addr->sun_path)
15442 {
15443 rsbac_net_desc_p->address = addr->sun_path;
15444 rsbac_net_desc_p->address_len = strlen(addr->sun_path);
15445 }
15446 else
15447 {
15448 rsbac_net_desc_p->address = NULL;
15449 rsbac_net_desc_p->address_len = 0;
15450 }
15451 }
15452 else
15453 {
15454 rsbac_net_desc_p->address = NULL;
15455 rsbac_net_desc_p->address_len = 0;
15456 }
15457 break;
15458
15459 default:
15460 rsbac_net_desc_p->address = NULL;
15461 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
15462 }
15463 if((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p, local_temp_p)))
15464 {
15465 *local_temp_p = 0;
15466 rsbac_printk(KERN_WARNING
15467 "rsbac_net_lookup_templates(): rsbac_net_get_id for local returned error %u\n",
15468 err);
15469 }
15470 #ifdef CONFIG_RSBAC_DEBUG
15471 if( rsbac_debug_ds_net
15472 && (rsbac_net_desc_p->address_family == AF_INET)
15473 )
15474 {
15475 rsbac_printk(KERN_DEBUG
15476 "rsbac_net_lookup_templates(): user %u temp id for local is %u\n",
15477 current->uid, *local_temp_p);
15478 }
15479 #endif
15480 }
15481 if(remote_temp_p)
15482 {
15483 switch(rsbac_net_desc_p->address_family)
15484 {
15485 case AF_INET:
15486 if(netobj_p->remote_addr)
15487 {
15488 struct sockaddr_in * addr = netobj_p->remote_addr;
15489
15490 rsbac_net_desc_p->address = &addr->sin_addr.s_addr;
15491 rsbac_net_desc_p->address_len = sizeof(__u32);
15492 rsbac_net_desc_p->port = ntohs(addr->sin_port);
15493 }
15494 else
15495 {
15496 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15497 rsbac_net_desc_p->address = &inet_sk(netobj_p->sock_p->sk)->daddr;
15498 rsbac_net_desc_p->address_len = sizeof(__u32);
15499 rsbac_net_desc_p->port = ntohs(inet_sk(netobj_p->sock_p->sk)->dport);
15500 #else
15501 rsbac_net_desc_p->address = &netobj_p->sock_p->sk->daddr;
15502 rsbac_net_desc_p->address_len = sizeof(__u32);
15503 rsbac_net_desc_p->port = ntohs(netobj_p->sock_p->sk->dport);
15504 #endif
15505 }
15506 dev = ip_dev_find(*(__u32 *)rsbac_net_desc_p->address);
15507 if(dev)
15508 {
15509 strcpy(rsbac_net_desc_p->netdev, dev->name);
15510 dev_put(dev);
15511 }
15512 break;
15513 case AF_UNIX:
15514 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
15515 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
15516 if( (unix_sk(netobj_p->sock_p->sk)->other)
15517 && (unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr)
15518 )
15519 {
15520 rsbac_net_desc_p->address
15521 = unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr->name;
15522 rsbac_net_desc_p->address_len
15523 = unix_sk(unix_sk(netobj_p->sock_p->sk)->other)->addr->len;
15524 }
15525 #else
15526 if( (netobj_p->sock_p->sk->protinfo.af_unix.other)
15527 && (netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr)
15528 )
15529 {
15530 rsbac_net_desc_p->address
15531 = netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->name;
15532 rsbac_net_desc_p->address_len
15533 = netobj_p->sock_p->sk->protinfo.af_unix.other->protinfo.af_unix.addr->len;
15534 }
15535 #endif
15536 else
15537 if(netobj_p->remote_addr)
15538 {
15539 struct sockaddr_un * addr = netobj_p->remote_addr;
15540
15541 if(addr->sun_path)
15542 {
15543 rsbac_net_desc_p->address = addr->sun_path;
15544 rsbac_net_desc_p->address_len = strlen(addr->sun_path);
15545 }
15546 else
15547 {
15548 rsbac_net_desc_p->address = NULL;
15549 rsbac_net_desc_p->address_len = 0;
15550 }
15551 }
15552 else
15553 {
15554 rsbac_net_desc_p->address = NULL;
15555 rsbac_net_desc_p->address_len = 0;
15556 }
15557 break;
15558
15559 default:
15560 rsbac_net_desc_p->address = NULL;
15561 rsbac_net_desc_p->address_len = 0;
15562 rsbac_net_desc_p->port = RSBAC_NET_UNKNOWN;
15563 }
15564 if((err = rsbac_net_get_id(ta_number, rsbac_net_desc_p, remote_temp_p)))
15565 {
15566 *remote_temp_p = 0;
15567 rsbac_printk(KERN_WARNING
15568 "rsbac_net_lookup_templates(): rsbac_net_get_id for remote returned error %u\n",
15569 err);
15570 }
15571 #ifdef CONFIG_RSBAC_DEBUG
15572 if( rsbac_debug_ds_net
15573 && (rsbac_net_desc_p->address_family == AF_INET)
15574 )
15575 {
15576 rsbac_printk(KERN_DEBUG
15577 "rsbac_net_lookup_templates(): user %u temp id for remote is %u\n",
15578 current->uid, *remote_temp_p);
15579 }
15580 #endif
15581 }
15582 rsbac_kfree(rsbac_net_desc_p);
15583 return 0;
15584 }
15585
15586 void rsbac_net_obj_cleanup(rsbac_net_obj_id_t netobj)
15587 {
15588 union rsbac_target_id_t tid;
15589
15590 tid.netobj.sock_p = netobj;
15591 rsbac_remove_target(T_NETOBJ, tid);
15592 }
15593
15594 int rsbac_ta_net_template(
15595 rsbac_list_ta_number_t ta_number,
15596 enum rsbac_net_temp_syscall_t call,
15597 rsbac_net_temp_id_t id,
15598 union rsbac_net_temp_syscall_data_t * data_p)
15599 {
15600 struct rsbac_net_temp_data_t int_data = RSBAC_NET_TEMP_DEFAULT_DATA;
15601 int err;
15602
15603 switch(call)
15604 {
15605 case NTS_new_template:
15606 case NTS_check_id:
15607 break;
15608 case NTS_copy_template:
15609 err = rsbac_ta_list_get_data_ttl(ta_number,
15610 net_temp_handle,
15611 NULL,
15612 &data_p->id,
15613 &int_data);
15614 if(err)
15615 return err;
15616 break;
15617 default:
15618 err = rsbac_ta_list_get_data_ttl(ta_number,
15619 net_temp_handle,
15620 NULL,
15621 &id,
15622 &int_data);
15623 if(err)
15624 return err;
15625 }
15626
15627 switch(call)
15628 {
15629 case NTS_set_address:
15630 memcpy(&int_data.address, &data_p->address, sizeof(int_data.address));
15631 return rsbac_ta_list_add_ttl(ta_number,
15632 net_temp_handle,
15633 0,
15634 &id,
15635 &int_data);
15636 case NTS_set_address_family:
15637 int_data.address_family = data_p->address_family;
15638 return rsbac_ta_list_add_ttl(ta_number,
15639 net_temp_handle,
15640 0,
15641 &id,
15642 &int_data);
15643 case NTS_set_valid_len:
15644 int_data.valid_len = data_p->valid_len;
15645 return rsbac_ta_list_add_ttl(ta_number,
15646 net_temp_handle,
15647 0,
15648 &id,
15649 &int_data);
15650 case NTS_set_type:
15651 int_data.type = data_p->type;
15652 return rsbac_ta_list_add_ttl(ta_number,
15653 net_temp_handle,
15654 0,
15655 &id,
15656 &int_data);
15657 case NTS_set_protocol:
15658 int_data.protocol = data_p->protocol;
15659 return rsbac_ta_list_add_ttl(ta_number,
15660 net_temp_handle,
15661 0,
15662 &id,
15663 &int_data);
15664 case NTS_set_netdev:
15665 strncpy(int_data.netdev, data_p->netdev, RSBAC_IFNAMSIZ);
15666 int_data.netdev[RSBAC_IFNAMSIZ] = 0;
15667 return rsbac_ta_list_add_ttl(ta_number,
15668 net_temp_handle,
15669 0,
15670 &id,
15671 &int_data);
15672 case NTS_set_min_port:
15673 int_data.min_port = data_p->min_port;
15674 return rsbac_ta_list_add_ttl(ta_number,
15675 net_temp_handle,
15676 0,
15677 &id,
15678 &int_data);
15679 case NTS_set_max_port:
15680 int_data.max_port = data_p->max_port;
15681 return rsbac_ta_list_add_ttl(ta_number,
15682 net_temp_handle,
15683 0,
15684 &id,
15685 &int_data);
15686 case NTS_set_name:
15687 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1);
15688 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15689 return rsbac_ta_list_add_ttl(ta_number,
15690 net_temp_handle,
15691 0,
15692 &id,
15693 &int_data);
15694 case NTS_new_template:
15695 if(rsbac_list_exist(net_temp_handle, &id))
15696 return -RSBAC_EEXISTS;
15697 strncpy(int_data.name, data_p->name, RSBAC_NET_TEMP_NAMELEN - 1);
15698 int_data.name[RSBAC_NET_TEMP_NAMELEN - 1] = 0;
15699 return rsbac_ta_list_add_ttl(ta_number,
15700 net_temp_handle,
15701 0,
15702 &id,
15703 &int_data);
15704 case NTS_copy_template:
15705 if(rsbac_list_exist(net_temp_handle, &id))
15706 return -RSBAC_EEXISTS;
15707 return rsbac_ta_list_add_ttl(ta_number,
15708 net_temp_handle,
15709 0,
15710 &id,
15711 &int_data);
15712 case NTS_delete_template:
15713 return rsbac_ta_list_remove(ta_number, net_temp_handle, &id);
15714 case NTS_check_id:
15715 if(rsbac_ta_list_exist(ta_number, net_temp_handle, &id))
15716 {
15717 data_p->id = id;
15718 return 0;
15719 }
15720 else
15721 return -RSBAC_ENOTFOUND;
15722 case NTS_get_address:
15723 memcpy(&data_p->address, &int_data.address, sizeof(int_data.address));
15724 return 0;
15725 case NTS_get_address_family:
15726 data_p->address_family = int_data.address_family;
15727 return 0;
15728 case NTS_get_valid_len:
15729 data_p->valid_len = int_data.valid_len;
15730 return 0;
15731 case NTS_get_type:
15732 data_p->type = int_data.type;
15733 return 0;
15734 case NTS_get_protocol:
15735 data_p->protocol = int_data.protocol;
15736 return 0;
15737 case NTS_get_netdev:
15738 strncpy(data_p->netdev, int_data.netdev, RSBAC_IFNAMSIZ);
15739 return 0;
15740 case NTS_get_min_port:
15741 data_p->min_port = int_data.min_port;
15742 return 0;
15743 case NTS_get_max_port:
15744 data_p->max_port = int_data.max_port;
15745 return 0;
15746 case NTS_get_name:
15747 strcpy(data_p->name, int_data.name);
15748 return 0;
15749
15750 default:
15751 return -RSBAC_EINVALIDREQUEST;
15752 }
15753 }
15754
15755 int rsbac_ta_net_list_all_template(rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t ** id_pp)
15756 {
15757 if(id_pp)
15758 return rsbac_ta_list_get_all_desc(ta_number, net_temp_handle, (void **) id_pp);
15759 else
15760 return rsbac_ta_list_count(ta_number, net_temp_handle);
15761 }
15762
15763 int rsbac_ta_net_template_exist(rsbac_list_ta_number_t ta_number, rsbac_net_temp_id_t temp)
15764 {
15765 return rsbac_ta_list_exist(ta_number, net_temp_handle, &temp);
15766 }
15767
15768 int rsbac_net_remote_request(enum rsbac_adf_request_t request)
15769 {
15770 switch(request)
15771 {
15772 case R_ACCEPT:
15773 case R_CONNECT:
15774 case R_SEND:
15775 case R_RECEIVE:
15776 case R_READ:
15777 case R_WRITE:
15778 return TRUE;
15779
15780 default:
15781 return FALSE;
15782 }
15783 }
15784
15785 #endif
15786
15787 #if defined(CONFIG_RSBAC_DAZ)
15788 EXPORT_SYMBOL(rsbac_daz_get_ttl);
15789
15790 rsbac_time_t rsbac_daz_get_ttl(void)
15791 {
15792 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15793 return rsbac_daz_ttl;
15794 #else
15795 return 0;
15796 #endif
15797 }
15798
15799 EXPORT_SYMBOL(rsbac_daz_set_ttl);
15800 void rsbac_daz_set_ttl(rsbac_time_t ttl)
15801 {
15802 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15803 if(ttl)
15804 {
15805 if(ttl > RSBAC_LIST_MAX_AGE_LIMIT)
15806 ttl = RSBAC_LIST_MAX_AGE_LIMIT;
15807 rsbac_daz_ttl = ttl;
15808 }
15809 #endif
15810 }
15811
15812 EXPORT_SYMBOL(rsbac_daz_flush_cache);
15813 int rsbac_daz_flush_cache(void)
15814 {
15815 #if defined(CONFIG_RSBAC_DAZ_CACHE)
15816 struct rsbac_device_list_item_t * device_p;
15817 long dflags;
15818 u_int i;
15819
15820
15821 rsbac_read_lock(&device_list_head.lock, &dflags);
15822 device_p = device_list_head.head;
15823 while(device_p)
15824 {
15825 for (i=0; i < RSBAC_DAZ_SCANNED_NR_FD_LISTS; i++)
15826 rsbac_list_remove_all(device_p->handles.dazs[i]);
15827 device_p = device_p->next;
15828 }
15829 rsbac_read_unlock(&device_list_head.lock, &dflags);
15830 #endif
15831 return 0;
15832 }
15833 #endif
15834
15835
